[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compile openldap library with GSSAPI enabled

To: Dan White <dwhite@olp.net>
Subject: Re: Compile openldap library with GSSAPI enabled
From: Michele <indirizzoint@yahoo.it>
Date: Tue, 19 Feb 2013 11:31:11 +0100
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.it; s=s1024; t=1361269892; bh=GIUdTC1CIaFPXeUSqtx4Do43+sxaxu2dHVApIH4oq64=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Received:X-Received:MIME-Version:Received:In-Reply-To:References:From:Date:Message-ID:Subject:To:Cc:Content-Type; b=EwVb7fbhYFubecM2ne+NPnEXhhFgQ9dgq7MqTPwffNuAsDOUbHk/Cqekt5m7bJ0W+n4gwSo/nKiV9MogpC1fYDIQNXiE+hxai7MROdysHCMm559EW9WzYRuyLS0kNIS9wZVJZEDqydWuqDs7Evhy/uHpdxghiRukcUdbj3SYTpg=
In-reply-to: <20130218143308.GA5326@dan.olp.net>
References: <CAG+MCp27cONCOtuTucsYgCA7hHt+We2yh4-_qaQyBBTtxbwxgg@mail.gmail.com> <20130214194447.GI6501@dan.olp.net> <CAG+MCp0sf_8-YaL-m51Fs5Z9W16iRF1bGy2s7RwyDoT-_o7-4A@mail.gmail.com> <20130218143308.GA5326@dan.olp.net>

Ok I've tried that and my AD server supports all mechanism you listed above.
The problem is that I'm compiling  a client application and I'd like
to use GSSAPI mechanism, but when I compile OpenLDAP I'm not sure if
it is compiling also the GSSAPI stuff. Also when I try to connect my
client to my AD server it  says that no mechanism are available.
Thanks



On Mon, Feb 18, 2013 at 3:33 PM, Dan White <dwhite@olp.net> wrote:
>> On Thu, Feb 14, 2013 at 8:44 PM, Dan White <dwhite@olp.net> wrote:
>>>
>>> On 02/14/13 12:19 +0100, Michele wrote:
>>>>
>>>> I'm trying to build OpenLDAP enabling the GSSAPI module, but I can't
>>>> find any reference on that in the configure file.  I'm doing that
>>>> because I'm writing a client program that want to login to a Windows AD
>>>> via kerberos.  Any help is appreciated.
>>>
>>>
>>> You'll need to install the cyrus sasl gssapi plugin. Use 'pluginviewer'
>>> to
>>> view your current list of installed plugins.
>
>
> On 02/18/13 13:13 +0100, Michele wrote:
>>
>> this is my pluginviewer and cyrus rpms installed on my machine.
>> I think I already get it.
>>
>> # pluginviewer
>> Installed SASL (server side) mechanisms are:
>> LOGIN GSSAPI PLAIN ANONYMOUS EXTERNAL
>> List of server plugins follows
>> Plugin "login" [loaded],        API version: 4
>>        SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
>>        security flags: NO_ANONYMOUS
>>        features:
>> Plugin "gssapiv2" [loaded],     API version: 4
>>        SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
>>        security flags:
>> NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>>        features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
>
>
>
>> [root@temdev10 ~]# rpm -ql | grep cyrus
>> rpmq: no arguments given for query
>> [root@temdev10 ~]# rpm -qa | grep cyrus
>> cyrus-sasl-plain-2.1.22-5.el5_4.3
>> cyrus-sasl-gssapi-2.1.22-5.el5_4.3
>> cyrus-sasl-devel-2.1.22-5.el5_4.3
>> cyrus-sasl-2.1.22-5.el5_4.3
>> cyrus-sasl-lib-2.1.22-5.el5_4.3
>
>
> You have the necessary sasl components installed to support gssapi
> authentication. To verify that your AD server supports gssapi:
>
> ldapsearch -LLL -x -H ldap://ad.example.org -s "base" -b ""
> supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: GSS-SPNEGO
> supportedSASLMechanisms: EXTERNAL
> supportedSASLMechanisms: DIGEST-MD5
>
> See the FAQ entry "How do I configure OpenLDAP+SASL+GSSAPI" here (the
> client side details should still apply):
>
> http://www.cyrussasl.org/mediawiki/index.php/FAQ
>
> --
> Dan White

Follow-Ups:
- Re: Compile openldap library with GSSAPI enabled
  - From: Patrick Lists <openldap-list@puzzled.xs4all.nl>
- Re: Compile openldap library with GSSAPI enabled
  - From: Dan White <dwhite@olp.net>

References:
- Compile openldap library with GSSAPI enabled
  - From: Michele <indirizzoint@yahoo.it>
- Re: Compile openldap library with GSSAPI enabled
  - From: Dan White <dwhite@olp.net>
- Re: Compile openldap library with GSSAPI enabled
  - From: Michele <indirizzoint@yahoo.it>
- Re: Compile openldap library with GSSAPI enabled
  - From: Dan White <dwhite@olp.net>

Prev by Date: Re: ldapi without TLS and ldap with TLS?
Next by Date: Re: Compile openldap library with GSSAPI enabled
Index(es):
- Chronological
- Thread