Re: SASL GSSAPI authentication with Sun Java Directory Server 5.2P4

Andrew Deason wrote:
> I am trying to use OpenLDAP's ldapsearch to connect to a Sun DS 5.2
> server using SASL/GSSAPI to authenticate. The setup works perfectly
> fine on Solaris clients, but not on Linux ones using OpenLDAP's
> ldapsearch (Debian sid on x86). Instead, it always gives the following
>
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more
> information (Unknown code 188)
>
> This error is coming from the DS server (right?), so I know this may
> not be OpenLDAP's problem. I was just wondering if anyone else had
> encountered this problem, or if there are any workarounds or anything,
> or if this is known to just not work at all.

Yes, what you've posted indicates an error that came from the server. You would need to look at the error logs on the server to get a better idea what went wrong.

No, there's no particular reason why it would not work. Most likely you have a hostname or servicename misconfigured somewhere. It may help you to compare the output from klist on the different clients.

> I'm using the Cyrus SASL implementation with MIT Kerberos. I tried this
> with ldapsearch 2.3.30 and 2.2.23.

Usually a Kerberos-specific error code is several digits long. That error code 188 seems pretty odd. It may well be a Solaris errno value, but even then it shouldn't log as an Unknown code.

It seems you're going to have to ask Sun support for help on this one. Good luck.
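
One way to carry out the klist comparison suggested in the reply, as an added example that is not part of the original thread: it lists the service principals held in one client's ticket cache but not the other's, which is where a hostname or service-name mismatch would show up. The realm, hostnames and ticket listings are constructed; on real systems, pass in the saved `klist` output from each client.

```shell
#!/bin/sh
# Added example: diff the service principals in klist output from two clients.
# Realm, hostnames and ticket listings are constructed sample data.

# Print sorted, unique service principals from klist output on stdin.
# Ticket lines follow the header row; the principal is their last field.
service_principals() {
    awk '
        /Service principal/ { in_tickets = 1; next }
        in_tickets && NF >= 3 && $NF ~ /@/ { print $NF }
    ' | sort -u
}

# $1 = klist text from the working client, $2 = from the failing client.
compare_klist() {
    w=$(printf '%s\n' "$1" | service_principals)
    f=$(printf '%s\n' "$2" | service_principals)
    printf '%s\n' "$w" | while read -r p; do
        [ -n "$p" ] || continue
        printf '%s\n' "$f" | grep -qxF -- "$p" || echo "only-working: $p"
    done
    printf '%s\n' "$f" | while read -r p; do
        [ -n "$p" ] || continue
        printf '%s\n' "$w" | grep -qxF -- "$p" || echo "only-failing: $p"
    done
}

# Working client (constructed; long-date layout with "renew until" lines).
WORKING_KLIST=$(cat <<'EOF'
Default principal: user@EXAMPLE.COM

Valid starting                Expires                Service principal
Tue Jan 02 10:00:00 2007  Tue Jan 02 20:00:00 2007  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until Tue Jan 09 10:00:00 2007
Tue Jan 02 10:01:12 2007  Tue Jan 02 20:00:00 2007  ldap/ds1.example.com@EXAMPLE.COM
EOF
)
# Failing client (constructed; short-date layout).
FAILING_KLIST=$(cat <<'EOF'
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
01/02/07 10:05:00  01/02/07 20:05:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
01/02/07 10:05:31  01/02/07 20:05:00  ldap/ldap.example.com@EXAMPLE.COM
EOF
)

compare_klist "$WORKING_KLIST" "$FAILING_KLIST"
```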

