[Date Prev][Date Next]
Re: Using back-ldap as a dumb proxy
--On Wednesday, February 21, 2007 11:52 PM +0100 Pierangelo Masarati
Quanah Gibson-Mount wrote:
--On Wednesday, February 21, 2007 2:39 PM -0800 Quanah Gibson-Mount
I'm trying to set up a very simply slapd that takes incoming requests
locally, and forwards them on to a remote server using SASL/GSSAPI to
get the information, so that a internal app that doesn't understand
SASL/GSSAPI can get the information it needs.
Never mind, I forgot to load the core schema. duh. :P
The proxy was a bit too dumb ;)
The problem I'm having now, is I can't get it to perform SASL/GSSAPI auth
to the remote proxy.
If I have:
# /etc/ldap/slapd.conf -- LDAP proxy slapd configuration file.
# Global Options
access to *
by * read
# LDAP Proxy Options
It correctly talks to the remote server with an anonymous bind. However,
if I change things around:
ldapsearch -LLL -x -h localhost -b "dc=stanford,dc=edu" uid=quanah
Inappropriate authentication (48)
The KRB5CCNAME is set in slapd's environment, so it has access to the
ticket cache it needs to use to perform SASL/GSSAPI. It is not talking to
the remote server at all.
Is there something here I'm missing?
I've also tried:
But then I get:
Authentication method not supported (7)
And again, it didn't talk to the remote server.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html