
Use GSSAPI Mechanism to authenticate against openldap server



Hello list,

I'm trying to authenticate with the GSSAPI mechanism to the Openldap-Server. The 
command ldapsearch -Y GSSAPI works fine. But if I want to use it in my login process 
with the following files: /etc/openldap/ldap.conf and /etc/ldap.conf, then the client makes
an anonymous bind to the Openldap-Server.

The manpage of openldap says:
SASL_MECH               GSSAPI
SASL_REALM             REALM.NET
SASL_SECPROPS  	noplain,noanonymous,passcrd
# Need passcrd for the Kerberos tickets?

I'm actually using Suse Linux Version 9.1 with all patches.


On the server I tried the following configs to disallow anonymous binds:
disallow bind_simple
disallow bind_krbv4
disallow bind_anon
sasl-secprops passcred

But I can still make a simple bind with the -x option. 
I am searching for a solution for allowing only GSSAPI binds from the client to the server with a 
TLS connection. (TLS is not the problem; it works, but it is actually not activated in the 
config file!)

Thanks to everyone for their help. Have a nice evening.


Sebastian