
RE: OpenLDAP with GSSAPI problem



> -----Original Message-----
> From: Shaick [mailto:shaick_mlist1@lycos.co.uk]

> Hello Howard,
>
>     Thanks for your detailed email.
>
> The sample-client and sample-server are working fine with SASL GSSAPI.
> Here is the output of the sample server client test,
> # ./sample-server -s host -p ../plugins/.libs
...
> # ./sample-client -s host -n krishna.kovaiteam.com -u arun-p ../plugins/.libs
...
> So the SASL GSSAPI is working fine. Is this correct?

Try again with "-s ldap" instead, since slapd is using the ldap service.

> So what else could be the problem, I think the configuration part?
>
> I did the following for the GSSAPI test.
>
> 1. Modify "userPassword" in the LDIF file as,
> userPassword: {KERBEROS}principal@REALM

This step is unnecessary for SASL/GSSAPI. Ignore whatever document you read
that told you to do it; that document is wrong.

> 2. Add the user in Kerberos REALM (say s001)
>
> 3. kinit s001
>
> 4. ./ldapsearch -Y GSSAPI -U s001

Don't use "-U s001"; the GSSAPI mechanism already knows what your Kerberos
username is since it's embedded in your TGT.
>
> Please let me know if I miss anything in the steps.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support