Re: OpenLDAP with GSSAPI problem
Hello Dieter,
Thanks for correcting me. I am really not clear on the sasl-regexp syntax.
I have corrected the syntax now as,
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)
But I still have the same error.
# ./ldapsearch -Y GSSAPI -U s001
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure
The extra steps I did for SASL GSSAPI are,
1. Specify "sasl-regexp" as,
sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)
2. Modify "userPassword" in LDIF file as,
userPassword: {KERBEROS}principal@REALM
3. Add the user in Kerberos REALM (say s001)
4. kinit s001
5. ./ldapsearch -Y GSSAPI -U s001
Please let me know if I missed anything in the steps.
Thanks,
-Shaick.
> Hello,
>
> "Shaick" <shaick_mlist1@lycos.co.uk> writes:
>
> > Hello Kent,
> >
> > It is a typo and I have corrected that as,
> >
> > sasl-regexp uid=(.*),cn=(.*),cn=gssapi,cn=auth
> > ldap:///c=SE??sub?(krb5PrincipalName=$1@REALM)
>
> I don't think you live in Sweden and your suffix is c=se
> you should change your saslRegexp to something like
> ldap:///dc=team,dc=com??sub?...
>
>
> > But I still receive the same error.
> >
> > # ./ldapsearch -Y GSSAPI -U s001 -b "dc=team,dc=com"
> > SASL/GSSAPI authentication started
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > additional info: SASL(-13): authentication failure: GSSAPI Failure
> >
> >
> > Please confirm that the STEPS and configuration are correct; if yes, I
> > will try the openldap with MIT Kerberos.
>
> Your configuration is not correct.
>
> -Dieter
>
> --
> Dieter Kluenter | Systemberatung
> Tel:040.64861967 | Fax: 040.64891521
> mailto: dkluenter(at)dkluenter.de
> http://www.avci.de
>
>
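
Added example, not part of the original messages: a Python sketch of the identity-mapping stage that the sasl-regexp rule in this thread configures, applied to constructed authentication DNs with and without a realm component. Python's re only approximates slapd's POSIX regex matching; case-insensitive matching, the sample DNs and the OPTIONAL_REALM rule are assumptions of the example.

```python
import re

# Rule as posted in the thread: match pattern, then replacement search URL.
POSTED = (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
          "ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)")
# Hypothetical variant (not from the thread): realm component is optional.
OPTIONAL_REALM = (r"uid=([^,]*)(,cn=[^,]*)?,cn=gssapi,cn=auth", POSTED[1])


def map_authn_dn(authn_dn, rule):
    """Apply one sasl-regexp style rule; return the URL or None if no match."""
    pattern, replacement = rule
    m = re.search(pattern, authn_dn, re.IGNORECASE)
    if m is None:
        return None  # slapd would then use the authentication DN unchanged
    # $1..$9 in the replacement are filled from the captured groups.
    return re.sub(r"\$(\d)",
                  lambda d: m.group(int(d.group(1))) or "",
                  replacement)


# Constructed sample DNs: with a realm component and without one.
WITH_REALM = "uid=s001,cn=realm,cn=gssapi,cn=auth"
NO_REALM = "uid=s001,cn=gssapi,cn=auth"

if __name__ == "__main__":
    for name, rule in (("posted", POSTED), ("optional realm", OPTIONAL_REALM)):
        for dn in (WITH_REALM, NO_REALM):
            print(f"{name:15} {dn:38} -> {map_authn_dn(dn, rule)}")
```

The sketch covers only the mapping from authentication DN to search URL; it does not reproduce the Kerberos exchange that precedes it.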