
Re: openldap and realm



At 06:38 AM 12/15/2005, Amir Saad wrote:
>I use Fedora 4, openldap 2.3.11, cyrus-sasl 2.1.19
>I tested the sasl using the sample server and the sample client and both work

Then you should be able to translate directly the configuration
of the sample server/client to OpenLDAP Software, assuming
you configured sample server/client to act as LDAP server/client
software.

>I tried to run ldapsearch ldap://test.mydomain.com  -R TEST.MYDOMAIN.COM -Y GSSAPI but I got an error
>gss_accept_sec_context ldap , Invalid credentials
>and I traced the log file, ldap/machine@MYDOMAIN.COM is not found
>note that my realm is TEST.MYDOMAIN.COM not MYDOMAIN.COM
>I added the sasl-realm and sasl-host to the slapd.conf but the same problem happened again

You should set sasl-host to the same value you provided to
the sample server -d option.  If you didn't provide a -d
option, you should go back and do that, and get that working.

IIRC, sasl-realm's value doesn't matter for GSSAPI. 
But you should be setting it to the same value you gave
the sample server via the -u option.

Note you should be running sample server on the target
server and sample client on the target client so as to
make sure their local environments are properly configured.
And you should be using -s ldap.

You should also make sure you are setting values for
sample server/client options, obtaining the appropriate
tickets, etc.

Kurt