Help with OpenLDAP as NIS replacement.



Hi,

  I've been struggling to get openldap21 to work as a replacement for
NIS, authenticating against Kerberos using cyrus-sasl2 for quite some
time.  I'd been following Turbo's HOWTO, but that is for openldap20,
cyrus-sasl1 and generally there are a number of inconsistencies.  Could
anybody provide me with anywhere to look for setting this up?  I get to
the stage where I get:

ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

when I try and authenticate, yet I know cyrus-sasl2 works perfectly for
talking to Kerberos as I have tested it with the sample-{server|client}
software.

  I have tried to keep the settings as simple as possible and ldapsearch
-x with manager shows the following:

# lewiz.org
dn: dc=lewiz,dc=org
dc: lewiz
objectClass: top
objectClass: domain

# People, lewiz.org
dn: ou=People,dc=lewiz,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit

# lewiz, People, lewiz.org
dn: uid=lewiz,ou=People,dc=lewiz,dc=org
uid: lewiz
cn: Lewis Thompson
objectClass: account
objectClass: top
objectClass: krb5Principal
krb5PrincipalName: lewiz@LEWIZ.ORG

  I'm sure I've done something wrong and any help would be greatly
appreciated :)

  Thanks very much,

-lewiz.

-- 
You have acquired a scroll entitled 'irk gleknow mizk'(n).--More--

This is an IBM Manual scroll.--More--

You are permanently confused.
		-- Dave Decot
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |-
