Re: OpenLDAP with GSSAPI problem



Quoting "Shaick" <shaick_mlist1@lycos.co.uk>:

> I have a problem getting OpenLDAP 2.1.21 to work with the Cyrus-SASL
> 2.1.10 GSSAPI mechanism.
> 
> Can you please give the steps to configure it (slapd.conf, ldap.conf, and
> a sample ldif [if any special entries are needed for GSSAPI])?
>
> sasl-regexp
>         uid=(.*),cn=gssapi,cn=auth
>         ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)
>
> test.ldif
> --snip--
> dn: cn=shs+uid=s001,dc=team,dc=com
> cn: shs
> uid: s001
> ou: Development
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> facsimileTelephoneNumber: +1 313 764 5140
> mail: shs@krishna.team.com
> sn: shs
> userPassword: {KERBEROS}principal@REALM

If you're using the sasl-regexp above, you'd need the objectclass
'krb5Principal' and the attribute 'krb5PrincipalName' like this:

----- s n i p -----
objectClass: krb5Principal
krb5PrincipalName: principal@REALM
----- s n i p -----
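
The mapping discussed above, as an added example that is not part of the original message or of OpenLDAP's code: a small Python simulation of how the quoted sasl-regexp rewrites the GSSAPI authentication DN into a search, and why the posted entry only maps once it carries krb5PrincipalName. The in-memory entries are constructed from the posted LDIF, the function names are hypothetical, and the filter is assumed to be a single equality test.

```python
import re

# sasl-regexp pair as quoted in the post (REALM is the post's own placeholder).
PATTERN = r"uid=(.*),cn=gssapi,cn=auth"
REPLACEMENT = "ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)"

def rewrite(authc_dn):
    """Apply the regexp to the SASL authentication DN; None if it does not match."""
    m = re.fullmatch(PATTERN, authc_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), REPLACEMENT)

def parse_url(url):
    """Split ldap:///base?attrs?scope?(attr=value) into base, scope, attr, value."""
    base, _attrs, scope, flt = url[len("ldap:///"):].split("?", 3)
    attr, value = flt.strip("()").split("=", 1)
    return base, scope, attr, value

def map_identity(authc_dn, entries):
    """Return the entry DN the bind maps to, or None when the mapping fails."""
    url = rewrite(authc_dn)
    if url is None:
        return None
    base, _scope, attr, value = parse_url(url)
    hits = [dn for dn, attrs in entries.items()
            if dn.lower().endswith(base.lower())        # subtree under the base
            and value in attrs.get(attr.lower(), [])]   # exact value comparison
    # Zero hits or several hits both mean the mapping fails: only a single
    # matching entry is accepted as the user's DN.
    return hits[0] if len(hits) == 1 else None

# Constructed sample data, modelled on the posted test.ldif (attribute names lowercased).
DN = "cn=shs+uid=s001,dc=team,dc=com"
POSTED = {DN: {"objectclass": ["top", "person", "organizationalPerson", "inetOrgPerson"],
               "uid": ["s001"],
               "userpassword": ["{KERBEROS}principal@REALM"]}}
# Same entry with the object class and attribute from the reply added.
FIXED = {DN: dict(POSTED[DN],
                  objectclass=POSTED[DN]["objectclass"] + ["krb5Principal"],
                  krb5principalname=["principal@REALM"])}

if __name__ == "__main__":
    authc = "uid=principal,cn=gssapi,cn=auth"
    print("search URL  :", rewrite(authc))
    print("posted entry:", map_identity(authc, POSTED))
    print("fixed entry :", map_identity(authc, FIXED))
```
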