[Date Prev][Date Next] [Chronological] [Thread] [Top]

{KERBEROS} plain binding

I am trying to get {KERBEROS}principle pass thru authentication to work,
with no luck whatsoever.

I can successfully kinit as the principle, with the same password as I
am trying for the below command.

ldapsearch -H ldaps://fqdnofhost -D "uid=jhaltom,ou=users,dc=<mydc>" -x

The following lines are in my slapd.conf.

srvtab          /etc/krb5.keytab
sasl-realm      <capital kerberos realm>
sasl-host       <fqdn of kerberos host, same as slapd host>

THe userPassword of the object I am trying to bind (-D) as is

The keytab refered to in the srvtab line exists, and I have added
ldap/fqdnofhost@REALM to it.

I am totally out of ideas how to get this to work.

Plain authentication is required because I am going to be using the
COurier IMAP daemon, which cannot use kerberos as a authenitcation
store, but can use LDAP.  ALl communication to ldap WILL be over TLS/SSL
so I am fine with the security.

I CAN kinit as the same principal as above, and successfully issue:

ldapsearch -x -W ''

Returning all records in the database.

Thanks for the help in advance

Jerry Haltom