[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Client & Server with Kerberos

--On January 7, 2008 12:06:40 AM -0800 sanjay gupta <sanjay_cs1983@yahoo.com> wrote:

ldapsearch with debugging enabled and see what it's doing :-

[root@localhost tools]# ./ldapsearch -Y GSSAPI  -d  1
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=localhost.localdomain
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy
mechs found

It seems that LDAP server has not  GSSAPI available.

So how can we add GSSAPI support in LDAP server for making it work??

SASL mechanism support is determined by what mechanisms Cyrus-sasl has available to it. Install the appropriate SASL mechansisms package on your particular distribution, or if you are building it yourself, make sure you've built cyrus-sasl against a Kerberos implementation.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration