[Date Prev][Date Next] [Chronological] [Thread] [Top]

openldap 2.4.6 and GSSAPI/kerberos

To: openldap-software@openldap.org
Subject: openldap 2.4.6 and GSSAPI/kerberos
From: "David E. Cross" <crossd@cs.rpi.edu>
Date: Mon, 19 Nov 2007 15:29:40 -0500 (EST)

Ok... after a bit of a struggle, I have gotten OpenLDAP 2.4.6 going with MIT kerberos 1.6.3 with some small caveats...

1: (and you know this already), the documentation for the slapd.d format is.. uhm.. bad. For example the "slapd.ldif" in the source isn't even valid, the "module" section (commented out, but there) is missing the "cn:" specifier.

2: The documentation throughout for specifying entries like the RootDN tells you (via example) to double quote it.. this generates errors.

2: There is something awry with the kerberos 5/gssapi setup for using a krb5 credential as a RootDN; according to your documentation it should be of the form:

uid=user/instance,cn=realm.com,cn=gssapi,cn=auth

This isn't working for me. After enabling Auth logging I found that it authenticated me as:

uid=user/instance,cn=gssapi,cn=auth

(note the lack of realm...) "why?" have I botched something (which I may have), or is there an error with the documentation?

--
David E. Cross

Follow-Ups:
- Re: openldap 2.4.6 and GSSAPI/kerberos
  - From: Howard Chu <hyc@symas.com>

Prev by Date: RE: Enabling TLS problem on openldap2-2.3.39
Next by Date: Re: openldap 2.4.6 and GSSAPI/kerberos
Index(es):
- Chronological
- Thread