[Date Prev][Date Next] [Chronological] [Thread] [Top]

GSSAPI fails?


I've set up a kerberos realm and now I'm trying to make openldap use k5
credential, without success.

First, I'm using debian stable, so I'm using ldap 2.0.23. I know it has
some incompatibilities and so I have NO suffix (base DN).

My realm is PLM.A.B.COM, the ldap/kdc server is plm.a.b.com. I can log
in with a ldap user, it gets the right tickets, but when I try to modify
my loginShell attribute I get this:

$ ldapmodify -v -f user.ldif
SASL/GSSAPI authentication started
SASL installing layers
modifying entry "uid=ldaptest"
replace loginShell:
ldap_modify: Insufficient access

ldif_record() = 50

What should I do?

Sensei    <mailto:senseiwa@tin.it>
Error: Keyboard not found. Press F1 to continue...