Re: Building OpenLDAP 3.3.35 with Kerberos on SLES9

[Ralf Haferkamp <rhafer@suse.de>]

On Tuesday 17 April 2007 23:33, Quanah Gibson-Mount wrote:
> --On Tuesday, April 17, 2007 5:29 PM -0400 Andrew Scott
>
> <ascott@appriss.com> wrote:
> > Confused is a very apt description of what I am right now.
> >
> > I'm wading through the nightmare that is getting Linux machines to auth
> > with Kerberos to Active Directory, and using OpenLDAP to do user/group
> > lookups instead of Winbind.
> >
> > I started down the road of getting Kerberos support compiled in because
> > ldapsearch would not auth using gssapi.  Sorting through all the
> > documentation, I found the -k option, and set about getting that to
> > work.
> >
> > -k still doesn't work, because I didn't compile kbind in, but after
> > doing what I did below, I ended up with an ldapsearch that WOULD auth
> > via SASL/GSS.  Simply doing the default build left me with an ldapsearch
> > utility that I couldn't use to search AD.
>
> Right, -k was specific to the old Kerberos v4 kbind functionality, and
> would never have allowed you to do a SASL/GSSAPI bind to AD anyway. ;)
>
> It sounds like the default build on SuSE just misses compiling Cyrus SASL
> against Heimdal.
No. But the SASL gssapi plugin is packed in a separate subpackage. I guess 
that the cyrus-sasl-gssapi package was not installed on the machine.

-- 
Ralf