[Date Prev][Date Next]
ldapsearch gives authentication error under AIX 5.1
Hello all together
I'm trying to connect to a W2k LDAP-Server with the SASL GSSAPI method
under AIX 5.1 .
Because I'm not able to use RPM's under AIX, I have to do that all by
Here is what I've done so far:
- Compiled and installed gdbm-1.8.3 which I use as ldbm backend. This
any complications (./configure && make && make install)
- Compiled and installed tcl8.4.2 which is needed by kerberos (am I wrong
- Compiled and installed the MIT Kerberos (krb5-1.2.6) without getting
problems (just configure && make && make install)
- Did the same with OpenSSL (openssl-0.9.7a)
- Compiling the Cyrus SASL (cyrus-sasl-1.5.28) was a little bit more tricky
than I thought:
env CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/include/gssapi/
-I/usr/local/include/ -I/usr/local/include/kerberosIV/" LDFLAGS="
-L/usr/local/ssl/lib -L/usr/local/lib/ -lgssapi_krb5 -lkrb5
-lk5crypto -lcom_err" ./configure --enable-shared --enable-gssapi
make && make install (without problems)
- Compiling OpenLDAP (openldap-2.0.27) was a great deal of head-scratching
env CPPFLAGS="-I/usr/local/ssl/include -I/usr/include/sasl
-I/usr/local/include/" LDFLAGS=" -L/usr/local/ssl/lib -L/usr/local/lib/
-lpam -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" ./configure --enable-ldbm
--with-ldbm-api=gdbm --disable-shared --with-ssl --with-kerberos --with-tls
--with-cyrus-sasl --prefix=/usr --sysconfdir=/etc --enable-slapd
--enable-kpasswd --enable-spasswd --enable-kbind
Because of a BUG (i've read about that on the internet) I had to change the
./include/portable.h file before doing a "make":
#define HAVE_GETADDRINFO 1 -> #undef HAVE_GETADDRINFO
The "make test" passed without a single error.
Before I started using ldapsearch to test the connection to the LDAP Server
I catched a Kerberos-Ticket via "kinit <usr>@<realm>" which worked fine.
But now if I try to make a ldapsearch (ldapsearch -h myldapserver -p 389 -d
5) I get the following error:
ldap_interactive_sasl_bind_s: server supports: GSSAPI GSS-SPNEGO
ldap_int_sasl_bind: GSSAPI GSS-SPNEGO
ldap_sasl_interactive_bind_s: Unknown authentication method
I think that I've all done (yes, I had to read through a lot of mans,
internet-pages and mailing lists to come so close to the solution),
but now I don't come forward anymore.
So any tipps or tricks would rock!
Thank you very much!
Stefan Rothenbühler, Informatik
Direktwahl +41 (0)41 767 65 53, Direktfax +41 (0)41 767 95 53
Industriestrasse 66, Postfach 59, CH-6301 Zug
Telefon +41 (0)41 767 67 67, Fax +41 (0)41 767 61 67