[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with GSSAPI problem



Quoting "Shaick" <shaick_mlist1@lycos.co.uk>:

> 5. HP-UX 11.11 comes with default Kerberos and GSSAPI libraries with it.It
>    does not comes with SASL or LDAP.
>    In openldap compilation i used the system default kerberos and libraries.
>
>    Note:- CyrusSASL sample-server,client is worked fine with This build.
>
> 6. My ldd out for the libldap libraries is,
> # ldd libldap.sl.2
>         /usr/lib/libc.2 =>      /usr/lib/libc.2
>         /usr/lib/libdld.2 =>    /usr/lib/libdld.2
>         /usr/lib/libc.2 =>      /usr/lib/libc.2
>         /usr/lib/libgss.sl =>   /usr/lib/libgss.sl
>         /vob/hpux_buildenv/hp700_ux1111/usr/lib/libdld.2 => /usr/lib/libdld.2
>         /vob/hpux_buildenv/hp700_ux1111/usr/lib/libc.2 =>   /usr/lib/libc.2
>         /usr/lib/libcom_err.sl =>       /usr/lib/libcom_err.sl
>         /usr/lib/libk5crypto.sl =>      /usr/lib/libk5crypto.sl
>         /usr/lib/libkrb5.sl =>  /usr/lib/libkrb5.sl
>         /usr/lib/libcom_err.sl =>       /usr/lib/libcom_err.sl
>         /usr/lib/libk5crypto.sl =>      /usr/lib/libk5crypto.sl
>         /usr/lib/libnsl.1 =>    /usr/lib/libnsl.1
>         /usr/lib/libxti.2 =>    /usr/lib/libxti.2
>         /opt/iexpress/openldap/lib/liblber.sl.2 => /opt/iexpress/openldap/lib/liblber.sl.2
>         /usr/lib/libc.2 =>      /usr/lib/libc.2

Don't know exactly what this means, since I'm not sure what is HP-UX
libs and what's not, but the fourth lib (/usr/lib/libgss.sl) seems
'strange' to me. But that's maybe because it was ten years since I
logged into a HP-UX last :)

But since it's in /usr/lib, it must be a 'system library' (ie, included
with the Operating System). And if the OpenLDAP lib is linked with this,
and then later with the kerberos libs from the system (/usr/lib/libkrb5.sl)
etc, and NOT (?) with the cyrus sasl lib (which SHOULD be called libsasl.so.7,
at least it is on my Linux system) there might be some missmatches...

I'm not sure, but this all looks like you're compiling/linking your OpenLDAP
binaries/libraries with the wrong Kerberos and/or SASL libs...

You better ask someone that knows HP-UX...

> But still i got the same error,
> # ldapsearch -Y GSSAPI
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure: GSSAPI Failure

Since it says 'GSSAPI Failure', missmatches in the libraries doesn't sound
to farfetched to me...