
Re: openldap + kerberos simple bind invalid credentials



Karen R McArthur wrote:
krb5-libs 1.2.5
openldap 2.2.15
cyrus-sasl 2.1.10
(will be upgrading to latest stable releases this summer)

I am attempting to enable simple binds through LDAP for some applications. All of our passwords are stored in a Kerberos database, all of our users have the userPassword field populated with {SASL}uid@REALM.EXAMPLE.COM, and krb5PrincipleName populated with uid@REALM.EXAMPLE.COM. I am getting no entries in my krb5kdc.log file, indicating to me that the simple bind is not even trying to query the Kerberos database. I'm leaning toward the possibility that my sasl-regexp is wrong or that one of my configuration files is missing a parameter. Any ideas?


/usr/local/etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: <proxy user DN>
ldap_bind_pw: <proxy user password>
ldap_auth_method: fastbind
ldap_search_base: dc=example,dc=com

Since your objective is to use saslauthd to allow authentication against a Kerberos database, configuring saslauthd to use LDAP is going to be highly unproductive.


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
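
The pass-through chain the reply points at, as an added sketch that is not part of either poster's message: {SASL} userPassword values are handed by slapd to libsasl2, which asks saslauthd, and it is saslauthd's backend that decides whether the KDC is ever contacted. The file and socket paths below are assumptions for a /usr/local install; adjust them to the local build.

```conf
# --- before: /usr/local/etc/saslauthd.conf as posted.
# These keys are read only when saslauthd runs its LDAP backend
# (saslauthd -a ldap). With that backend saslauthd verifies the password
# by binding back to slapd rather than contacting the KDC, which matches
# the empty krb5kdc.log reported above.
#   ldap_servers: ldap://127.0.0.1/
#   ldap_auth_method: fastbind

# --- after: run saslauthd with its Kerberos 5 backend instead.
#   saslauthd -a kerberos5
# This backend does not use the ldap_* keys; it reads the system krb5.conf
# and verifies the obtained ticket against a key in the host keytab.

# --- libsasl2 settings for the "slapd" application
# (assumed path: /usr/local/lib/sasl2/slapd.conf)
pwcheck_method: saslauthd
# Assumed socket location; it must match the directory saslauthd was
# started with (its -m option).
saslauthd_path: /var/run/saslauthd/mux

# --- slapd side: {SASL} userPassword values are only honoured when
# OpenLDAP was configured with --enable-spasswd.

# --- verify saslauthd by itself before retrying the simple bind; a
# success here should also produce an AS_REQ line in krb5kdc.log.
#   testsaslauthd -u uid -r REALM.EXAMPLE.COM -p '<password>'
```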