[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problems with OpenLDAP 2.1.4 and Kerberos

To: Anthony Brock <abrock@georgefox.edu>, openldap-software@OpenLDAP.org
Subject: RE: Problems with OpenLDAP 2.1.4 and Kerberos
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Thu, 19 Sep 2002 13:26:14 -0700
Content-disposition: inline
In-reply-to: <10E6C696E40B654AB7B5A934DB181F9A035456@foxmail.georgefox.edu>
References: <10E6C696E40B654AB7B5A934DB181F9A035456@foxmail.georgefox.edu>

--On Thursday, September 19, 2002 12:36 PM -0700 Anthony Brock <abrock@georgefox.edu> wrote:

Hmmm,

Setting the debug flag to -1 didn't appears to increase the output.
Thanks for the information concerning the "-I" flag. I was under a
different impression from the LDAP-Kerberos HOWTO.

Could this be an issue with our Active Directory setup? I'm intrigued by
the suggestion concerning the ldap/host@realm ticket (basically, I'm
grasping at straws).

Also, does anyone know how to better troubleshoot the SASL libraries? I
again tried the sample programs included with SASL v2, and they appeared
to work fine. Of course, this was when connecting to a UNIX server, not
a W2K server.


Tony,

I'd be more curious about the keytab issue rather than the ticket. I guess I'm not quite sure what you are doing. You are connecting to active directory with the openldap ldapsearch binary? Or you are connecting to an openldap server running on Windows? In the former case, neither the keytab nor the ticket will do anything for you. In the latter, you definately need the K5 ldap/<host> keytab.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- RE: Problems with OpenLDAP 2.1.4 and Kerberos
  - From: "Anthony Brock" <abrock@georgefox.edu>

Prev by Date: RE: Problems with OpenLDAP 2.1.4 and Kerberos
Next by Date: RE: LDAP Access Control
Index(es):
- Chronological
- Thread