[Date Prev][Date Next]
RE: Building OpenLDAP 3.3.35 with Kerberos on SLES9
--On Tuesday, April 17, 2007 5:29 PM -0400 Andrew Scott
Confused is a very apt description of what I am right now.
I'm wading through the nightmare that is getting Linux machines to auth
with Kerberos to Active Directory, and using OpenLDAP to do user/group
lookups instead of Winbind.
I started down the road of getting Kerberos support compiled in because
ldapsearch would not auth using gssapi. Sorting through all the
documentation, I found the -k option, and set about getting that to
-k still doesn't work, because I didn't compile kbind in, but after
doing what I did below, I ended up with an ldapsearch that WOULD auth
via SASL/GSS. Simply doing the default build left me with an ldapsearch
utility that I couldn't use to search AD.
Right, -k was specific to the old Kerberos v4 kbind functionality, and
would never have allowed you to do a SASL/GSSAPI bind to AD anyway. ;)
It sounds like the default build on SuSE just misses compiling Cyrus SASL
against Heimdal. As long as you compile the *same* version of Cyrus SASL
against Heimdal, you likely don't even need to rebuild OpenLDAP, assuming a
dynamic build -- OpenLDAP simply calls out to Cyrus SASL to find out what
mechanisms are available (hint, see the -Y flag to ldapsearch).
Senior Systems Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html