[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL auth not working

To: Michael Ströder <michael@stroeder.com>
Subject: Re: SASL auth not working
From: Dan White <dwhite@olp.net>
Date: Wed, 30 Jun 2010 14:02:26 -0500
Cc: openldap-technical@openldap.org, Diego Lima <lists@diegolima.org>
Content-disposition: inline
In-reply-to: <4C2B7424.1000602@stroeder.com>
References: <AANLkTimdGLX92Wm7T930aeikW1LdzHITlIUxrgKRqMjz@mail.gmail.com> <20100624135006.GD2429@dan.olp.net> <4C2B7424.1000602@stroeder.com>
User-agent: Mutt/1.5.18 (2008-05-17)

On 30/06/10 18:43 +0200, Michael Ströder wrote:

Dan White wrote:

On 23/06/10 10:27 -0300, Diego Lima wrote:

I'm trying to set up openldap to authenticate using my kerberos
service, but I'm not having success so far.

The userPassword value translates to {SASL}diego.lima@USERS


IMO that's not needed for SASL/GSSAPI.

When doing a SASL bind, you should specify the same username that you are
authentication with, for saslauthd. Use a '-U diego.lima@USERS' instead of
a -D option:

ldapwhoami -U diego.lima@USERS


He would also have to specify -Y GSSAPI.
And off course slapd has to be kerberized first to make this work.

Presumably he is doing plaintext authentication to slapd rather thangssapi, and having saslauthd validate the username and password against akerberos5 server.


--
Dan White

Follow-Ups:
- Re: SASL auth not working
  - From: Michael Ströder <michael@stroeder.com>

References:
- SASL auth not working
  - From: Diego Lima <lists@diegolima.org>
- Re: SASL auth not working
  - From: Dan White <dwhite@olp.net>
- Re: SASL auth not working
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: SASL auth not working
Next by Date: Re: SASL auth not working
Index(es):
- Chronological
- Thread