[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL proxy auth problem

To: openldap-technical@openldap.org
Subject: SASL proxy auth problem
From: Jaap Winius <jwinius@umrk.nl>
Date: Sat, 01 Jan 2011 20:02:48 +0100
Content-disposition: inline
User-agent: Internet Messaging Program (IMP) H3 (4.3.8)

Hi folks,

Thanks to Pierangelo's last reply, I now know what I suspected: thatmy consumer servers are configured to authenticate to their providersusing SASL/GSSAPI, but that sometimes they don't do this, especiallywith proxy authorization. I've documented the entire install process:


   * OpenLDAP provider with MIT Kerberos V on Debian squeeze
     http://www.rjsystems.nl/en/2100-d6-openldap-provider-kerberos.php

   * OpenLDAP consumer with MIT Kerberos V on Debian squeeze
     http://www.rjsystems.nl/en/2100-d6-openldap-consumer-kerberos.php

The last time I followed these instructions to the letter, proxyauthorization worked. Now I've booted up the same machines again a fewdays later and it no longer works: the consumer still uses SASL tobind with the provider for replication, but it uses a SIMPLE bind forproxy authorization. Of course that results in an error. Yet, theconfiguration seems unchanged.


Has anyone else experienced this problem?

Thanks,

Jaap

PS -- If anyone is interested, I can supply plenty of details. Seealso my post of 12/24/2010 03:25:51 AM CET with subject "No ProxyAuthzwith SASL-GSSAPI?"

Follow-Ups:
- Re: SASL proxy auth problem -- looks like a bug
  - From: Jaap Winius <jwinius@umrk.nl>

Prev by Date: Re: slapd bind method codes
Next by Date: Re: Windows ldp.exe kills openldap 2.4.23
Index(es):
- Chronological
- Thread