
Re: Help with OpenLDAP as NIS replacement.



Hello,

Lewis Thompson <purple@lewiz.info> writes:

> Hi,
>
>   I've been struggling to get openldap21 to work as a replacement for
> NIS, authenticating against Kerberos using cyrus-sasl2 for quite some
> time.  I'd been following Turbo's HOWTO, but that is for openldap20,
> cyrus-sasl1 and generally there are a number of inconsistencies.  Could
> anybody provide me with anywhere to look for setting this up?  I get to
> the stage where I get:
>
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure: GSSAPI
> Failure: gss_accept_sec_context
>
> when I try and authenticate, yet I know cyrus-sasl2 works perfectly for
> talking to Kerberos as I have tested it with the sample-{server|client}
> software.

Did you set saslRegexp in slapd.conf?
Check the logfile for any errors while slapd is parsing the sasl
authentication string against an entry.

These are my settings:

saslRegexp
    uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth
    ldap:///o=avci,c=de??sub?uid=$1
saslRegexp
    uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth
    uid=$1,o=avci,c=de


-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
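
The mapping step discussed in the reply above, as an added illustration that is not part of the original message or of OpenLDAP's code: a simplified Python model of how the two saslRegexp rules rewrite a GSSAPI authentication DN, useful for checking a DN copied from the slapd log against your own patterns. The function names and the sample user `lewis` are assumptions, as is the case-insensitive match; slapd itself uses POSIX regular expressions and stops at the first rule that matches.

```python
import re

# The two rules from the settings above, in file order: (pattern, replacement).
# Both share one pattern, so the first rule decides the result.
RULES = [
    (r"uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth",
     "ldap:///o=avci,c=de??sub?uid=$1"),
    (r"uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth",
     "uid=$1,o=avci,c=de"),
]


def map_authn_dn(authn_dn, rules=RULES):
    """Return the replacement of the first matching rule, or None if none match."""
    for pattern, replacement in rules:
        # Assumption of this model: patterns are matched without regard to case.
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            # Substitute $1..$9 with the captured groups.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None


def describe(mapped):
    """Classify a mapping result: unmapped, a DN used directly, or an LDAP search."""
    if mapped is None:
        return ("unmapped", None)
    if mapped.startswith("ldap:///"):
        # ldap:///<base>?<attrs>?<scope>?<filter>
        parts = (mapped[len("ldap:///"):].split("?") + [""] * 4)[:4]
        base, _attrs, scope, filt = parts
        return ("search", {"base": base, "scope": scope or "base", "filter": filt})
    return ("dn", mapped)


if __name__ == "__main__":
    # Constructed sample authentication DNs, in the form slapd writes to its log.
    for dn in ("uid=lewis,cn=avci.de,cn=gssapi,cn=auth",   # realm present
               "uid=lewis,cn=gssapi,cn=auth"):             # no realm component
        print(dn, "->", describe(map_authn_dn(dn)))
```

A DN that comes back unmapped here is one the patterns do not cover, which is the case to look for in the logfile.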