[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: gssapi and ldapsearch

--On Thursday, July 28, 2005 5:54 PM -0500 Alex S Moore <asmoore@edge.net> wrote:

I have searched, read, google'd, et.al. and am at a loss.

All that I want to do at this time is use ldapsearch with gssapi.  The
output is attached.

I created the keytab entry for the FQDN, but oddly, I had to use just
ldap/host without the dns domain name.  That really does not matter, but
it is in the output.

After running the first ldapsearch, I see the ticket for the ldap
server, service principal ldap/sws602@MCSUN.LOCAL.  The kdc is happy
and records the TGS_REQ as successful.

But this line from ldapsearch debug output is most puzzling:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80) additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (File exists)

Did you look at what errors the server was returning?


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin