[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapadd and /etc/krb5.conf


"claus" <ch@greenmail.ch> writes:

> Hello,
> I wonder why the command
>   ldapadd -f /tmp/manager.ldif -Y GSSAPI
> gives the error
>   GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
> if I do _not_ configure /etc/krb5.conf
>   [domain_realm]
>        .mycompany.com = <REALM>
> If I _do_ configure /etc/krb5.conf the command works fine.
> Is there a way to give "ldapadd" (and the other tools) on the command line
> the information contained in the "domain_realm" section. I think I tried
> every thing "-R" "-X" "-W" "-U". I do not knpow how to use/test "-O".

That is not a SASL nor an OpenLDAP issue, it is a krb5 issue.
If you don't specify domain_realm, krb5 considers host.domain.tld als
valid realm.
Read the Kerberos V5 System Administrator's Guide.

Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de