[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problems with OpenLDAP 2.1.4 and Kerberos


Setting the debug flag to -1 didn't appears to increase the output.
Thanks for the information concerning the "-I" flag. I was under a
different impression from the LDAP-Kerberos HOWTO.

Could this be an issue with our Active Directory setup? I'm intrigued by
the suggestion concerning the ldap/host@realm ticket (basically, I'm
grasping at straws).

Also, does anyone know how to better troubleshoot the SASL libraries? I
again tried the sample programs included with SASL v2, and they appeared
to work fine. Of course, this was when connecting to a UNIX server, not
a W2K server.


Anthony Brock
Director of Network Services
George Fox University

E-Mail: abrock@georgefox.edu
Phone:  (503) 554-2579
FAX:    (503) 554-3834

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Thursday, September 19, 2002 11:38 AM
To: Anthony Brock; openldap-software@OpenLDAP.org
Subject: RE: Problems with OpenLDAP 2.1.4 and Kerberos

The "-I" flag is superfluous for the GSSAPI mechanism, all the relevant
information comes from your Kerberos credentials.

Setting your debug level up to -1 may show you more about what SASL is
I don't recall where the SASL log is directed at the moment.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support