[Date Prev][Date Next]
Re: Need SASL idiot-proof walkthrough
Digant Kasundra <email@example.com> writes:
> Hello everyone,
> So far, no one has been able to decipher my SASL problem from my postings of
> log files and conf files etc. I have even cleanly reinstalled my machines.
> There is something basic and simple and stupid that I must be missing. Can
> someone please give me a step-by-step walkthrough based on the following
> information so I could make doubly sure that I am doing things properly?
> I have a KDC (running MIT KRB) on labrador.kerb.uta.edu. I have an OpenLDAP
> 2.2.7 box running on omicron.kerb.uta.edu. I have a realm KERB.UTA.EDU. I
> have a user dn: uid=digant,cn=people,dc=uta,dc=edu.
> An idiot-proof walkthrough would really help and I *KNOW* that's asking a
> lot out of people and I wholely apologize for that. I've done it on my own
> and no one can see a problem with the way I did it but it still doesn't
> work. So if someone can give me a step by step on which principals to
> create, what entry to create in the LDAP and what to put in the slapd.conf
> (and any other important steps), I promise I will buy you a pizza!
> (I won't detail how I've been doing it so far b/c I don't want to prejudice
> the feedback)
1. ldapsearch -x -b "" -s base supportedSASLMechanisms
2. create a principal for ldap/your.host@YOUR.REALM
3. read man slapd.conf(5) in particular on sasl-regexp
4. add a sasl-regexp to slapd.conf
5. ldapseach -Y GSSAPI -U <user> -H ldap://your.host -b"<your base>"
I found that some versions of cyrus-sasl are case sensitive with
regard to mechanisms, so I stick to upper case notation.
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521