[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)

On Sat, 2002-04-13 at 07:29, Michael Torrie wrote:
> Okay, I'm getting closer.  I'm able to do a kinit on my root@MYDOMAIN
> principal.  Then I run:
> ldapsearch -h myhost.mydomain.com -p 389 -I -b "" -s base -LLL
> supportedSASLMechanisms
> I get an error:
> ldap_sasl_interactive_bind_s: Unknown error
> 	additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure;
> Permission denied;
> This is better then the last error, which was the generic local error.
I struggled with this quite a few hours, it turned out that slapd
running as the user ldap didnt have read permissions for my keytab

Another question.. when I get my kerberos ticket for
noselasd@FIANE.INTRA , and bind to ldap with sasl which
dn am I bound as?

Nils Olav Selåsdal <NOS@Utel.no>
System Developer, UtelSystems a/s
w w w . u t e l s y s t e m s . c o m