
RE: Problems with OpenLDAP 2.1.4 and Kerberos


I'm attempting to connect to an Active Directory LDAP server using the
OpenLDAP software as a client. It works with basic authentication, but
my problem has been when attempting to use Kerberos.

I have this feeling that I'm missing something obvious. I just can't seem
to see what's the problem. When looking through the archives, it appears
that others are at least asked for their identity when using the "-I"
flag. I'm not even being asked, just told I had an error...

I received the following debug output when I specify the "-Y GSSAPI" flag:

abrock@web ~ 516 $ kinit
Password for abrock@CAMPUS.GEORGEFOX.EDU: 
abrock@web ~ 517 $ ldapsearch -H ldap://ads01.campus.georgefox.edu/ -I
-b "OU=Staff,DC=campus,DC=georgefox,DC=edu" -d 255 -Y GSSAPI -LLL
ldap_interactive_sasl_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_connect_to_host: TCP ads01.campus.georgefox.edu:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying XXX.XXX.XXX.XXX:389
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
ldap_sasl_interactive_bind_s: Local error (82)
abrock@web ~ 518 $ 


Anthony Brock
Director of Network Services
George Fox University

E-Mail: abrock@georgefox.edu
Phone:  (503) 554-2579
FAX:    (503) 554-3834

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Wednesday, September 18, 2002 4:41 PM
To: Quanah Gibson-Mount; Anthony Brock; openldap-software@OpenLDAP.org
Subject: RE: Problems with OpenLDAP 2.1.4 and Kerberos

Unless your slapd is itself making requests to other kerberized
services, it doesn't need any tickets of its own. Just the keytab.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support