[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Client & Server with Kerberos

On Monday 07 January 2008 10:06:40 sanjay gupta wrote:
>  ldapsearch with debugging enabled and see what it's doing :-

Well, debuggins is unnecessary, as the normal output provides everything 
useful ...

> [root@localhost tools]# ./ldapsearch -Y GSSAPI  -d  1
> ldap_create
> ldap_sasl_interactive_bind_s: user selected: GSSAPI
> ldap_int_sasl_bind: GSSAPI
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying
> ldap_connect_timeout: fd: 3 tm: -1 async: 0
> ldap_int_sasl_open: host=localhost.localdomain
> ldap_perror
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available: No worthy mechs
> found
> It seems that LDAP server has not
>  GSSAPI available.
> So how can we add GSSAPI  support in LDAP server for making it work??

If you provide more information (OS/distro etc.) you may get more help, but 
most likely the SASL GSSAPI plugin is not installed. On some Linux 
distributions, SASL plugins are shipped as separate packages, 'yum search 
sasl' or 'apt-cache search sasl' or 'urpmq -y sasl' may lead you to the right 
package to install.