[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
You can do this if your Kerberos installation includes libgss, and you also
need to install Cyrus SASL, then reconfigure/rebuild OpenLDAP with SASL
support.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Michael Torrie
> Sent: Friday, April 12, 2002 7:16 PM
> To: openldap-software@OpenLDAP.org
> Subject: can I use a kerberos ticket with ldapsearch (and ldap
> libraries)
>
>
> I've searched for this, and found some info, but I'm still confused.
>
> If openldap was configured appropriately, can I bind to LDAP using a
> kerberos ticket obtained with kinit? I realize there are ACLs to deal
> with, and kerberos support has to be turned on in ldap. Right now I
> have my manager entity have a kerberos password in the slapd.conf file.
> When I bind as manager and give the password, slapd is able to verify
> that password using kerberos. But can I init to that principal first
> and then use ldapsearch? If so, can I also use ldap libraries and
> things like the php_ldap stuff with this ticket too?
>
> I saw an option -k in ldapsearch, but that has to do with krb5 and
> LDAPv2. I'm trying to do an LDAPv3 system.
>
> Any pointers to docs would be great. I already have an LDAP system set
> up (using kerberos for password verification) and Samba 2.2.2 working
> great. Just want to know about the kerberos ticket thing.
>
> Thanks,
> Michael
>
>
>
> --
> Public key available from http://students.cs.byu.edu/~torriem
>
>
>