Use GSSAPI Mechanism to authenticate against openldap server
Hello list,
I'm trying to authenticate with the GSSAPI mechanism to the OpenLDAP server. The
command ldapsearch -Y GSSAPI works fine. But if I want to use it in my login process
with the following files: /etc/openldap/ldap.conf and /etc/ldap.conf, then the client makes
an anonymous bind to the OpenLDAP server.
The manpage of openldap says:
SASL_MECH GSSAPI
SASL_REALM REALM.NET
SASL_SECPROPS noplain,noanonymous,passcrd
# Need passcrd for the Kerberos tickets?
I'm actually using Suse Linux Version 9.1 with all patches.
On the server I tried the following settings to disallow anonymous binds:
disallow bind_simple
disallow bind_krbv4
disallow bind_anon
sasl-secprops passcred
But I can still make a simple bind with the -x option.
I am looking for a solution that allows only GSSAPI binds from the client to the server over a
TLS connection. (TLS is not the problem; it works, but it is currently not activated in the
config file!)
Thanks to everyone for their help. Have a nice evening.
Sebastian