[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GSSAPI+kerberos5+TLS to Active Directory

To: "Norbert Klasen" <norbert.klasen@daasi.de>, <openldap-software@OpenLDAP.org>
Subject: Re: GSSAPI+kerberos5+TLS to Active Directory
From: "andrew hall" <temp01@bluereef.com.au>
Date: Sat, 9 Mar 2002 15:29:37 +1100
References: <003b01c1c67c$0f69f090$2e01010a@bluereef.local> <262779787.1015611735@localhost>

> 2. Now loading a server side certificate authority on AD and attempting a
 >> TLS start I observe the following:
 >>     a. SASL auth doesn't work in this mode I assume because AD doesn't
 > >support an EXTERNAL SASL mechanism?

 >Correct, no SASL EXTERNAL. However, SASL GSSAPI works, but you need to
 >disable the privacy and intergity protecion on the SASL layer
(sasl_ssf=0).

 Disabling privacy and integrity protection? Can I do this via the -O switch
 with Ldapsearch, or is this a compile-time option?

Follow-Ups:
- Re: GSSAPI+kerberos5+TLS to Active Directory
  - From: Norbert Klasen <norbert.klasen@daasi.de>

References:
- GSSAPI+kerberos5+TLS to Active Directory
  - From: "andrew hall" <temp01@bluereef.com.au>
- Re: GSSAPI+kerberos5+TLS to Active Directory
  - From: Norbert Klasen <norbert.klasen@daasi.de>

Prev by Date: Re: Dynamic Groups
Next by Date: ACL in openldap
Index(es):
- Chronological
- Thread