
Re: openldap+sasl error



At 02:51 AM 8/9/2006, chechu chechu wrote:
>yeah, I know the -x is for simple auth, but my pdc is working now with
>openldap+ssl+samba, and I want to add kerberos+openafs, and I have to get
>the sasl auth, and the error that I get with
>
> ldapsearch -D "cn=admin,dc=ironman,dc=es" -w secret -d 16383

Why do you specify a Bind DN when intending to use SASL authentication?
Per the specification, the server ignores any Bind DN.

As noted repeatedly on this list, before you attempt SASL authentication
with OpenLDAP Software, you should first make sure SASL authentication
using Cyrus SASL sample/test programs works.  And if your intent is
to use Kerberos authentication, before you even try the SASL GSSAPI
mechanism in Cyrus SASL sample/test programs, you likely should make
sure your Kerberos environment is healthy.

-- Kurt


>is:
>
>
>ldap_msgfree
>ldap_sasl_interactive_bind_s: server supports: GSSAPI NTLM LOGIN PLAIN
>DIGEST-MD5 CRAM-MD5
>ldap_int_sasl_bind: GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
>ldap_int_sasl_open: host=shogun.ironman.es
>SASL/GSSAPI authentication started
>ldap_perror
>ldap_sasl_interactive_bind_s: Local error (-2)
>        additional info: SASL(-1): generic failure: GSSAPI Error:
>Miscellaneous failure (No credentials cache found)
>
>
>thanks
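
Added example, not part of the original message or of OpenLDAP: a shell sketch of the layered check recommended in the reply, Kerberos first, then SASL, then the LDAP bind. The function names are hypothetical, and the error strings matched are typical MIT Kerberos and Cyrus SASL messages, assumed here rather than taken from the thread (except the one in the quoted output).

```shell
#!/bin/sh
# Added example: triage a failed GSSAPI bind in the order Kerberos -> SASL -> LDAP.
# Function names are hypothetical; the matched strings are typical MIT Kerberos /
# Cyrus SASL messages and are an assumption, not an exhaustive list.

# Client output quoted in the thread above, used as sample input.
SAMPLE='SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (No credentials cache found)'

# Read client debug output on stdin and name the layer to fix first.
classify_sasl_failure() {
    out=$(cat)
    case "$out" in
        *"No credentials cache found"*)
            echo "kerberos: no ticket cache; run kinit, confirm with klist" ;;
        *"Ticket expired"*)
            echo "kerberos: ticket expired; run kinit again" ;;
        *"Server not found in Kerberos database"*)
            echo "kerberos: KDC has no service principal for this LDAP host" ;;
        *"No worthy mechs found"*)
            echo "sasl: no usable GSSAPI plugin in the Cyrus SASL install" ;;
        *"Local error (-2)"*)
            echo "sasl: client-side failure; test with the Cyrus SASL sample programs" ;;
        *)
            echo "unknown: no known pattern matched" ;;
    esac
}

# Kerberos layer check: klist -s prints nothing and exits non-zero when
# there is no valid (unexpired) credentials cache.
have_ticket() {
    command -v klist >/dev/null 2>&1 || return 2
    klist -s
}

# Try the GSSAPI bind only after the Kerberos check passes. $1 is the LDAP URI.
# No -D is passed, since the server ignores any Bind DN on a SASL bind.
gssapi_whoami() {
    have_ticket || { echo "kerberos: no valid ticket cache (or klist missing)"; return 1; }
    if out=$(ldapwhoami -Y GSSAPI -H "$1" 2>&1); then
        echo "ok: $out"
    else
        printf '%s\n' "$out" | classify_sasl_failure
        return 1
    fi
}
```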