[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problems with OpenLDAP 2.1.4 and Kerberos

--On Thursday, September 19, 2002 12:36 PM -0700 Anthony Brock <abrock@georgefox.edu> wrote:


Setting the debug flag to -1 didn't appears to increase the output.
Thanks for the information concerning the "-I" flag. I was under a
different impression from the LDAP-Kerberos HOWTO.

Could this be an issue with our Active Directory setup? I'm intrigued by
the suggestion concerning the ldap/host@realm ticket (basically, I'm
grasping at straws).

Also, does anyone know how to better troubleshoot the SASL libraries? I
again tried the sample programs included with SASL v2, and they appeared
to work fine. Of course, this was when connecting to a UNIX server, not
a W2K server.


I'd be more curious about the keytab issue rather than the ticket. I guess I'm not quite sure what you are doing. You are connecting to active directory with the openldap ldapsearch binary? Or you are connecting to an openldap server running on Windows? In the former case, neither the keytab nor the ticket will do anything for you. In the latter, you definately need the K5 ldap/<host> keytab.


Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html