[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP Kerberos Authentication fails


On Mon, Oct 13, 2008 at 03:55:48PM -0700, Loren M. Lang wrote:
> I am using OpenLDAP 2.4.9 on Ubuntu Linux 8.04.1 with MIT Kerberos
> 1.6.3.  Created a keytab file dedicated to slapd and set the path to it
> using the environment variable KRB5_KTNAME in my startup scripts.  The
> file is owned by root and read-only by the openldap group.  When I
> attempt to use ldapsearch with GSSAPI to login to slapd I get back a
> implementation error 80.  Checking the server logs, slapd reported the
> following error:
> Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
> more information (Resource temporarily unavailable)

Slapd is protected by an AppArmor profile in 8.04.1. Using custom paths
requires updating the slapd profile since the process will probably not
be allowed to access them. 

See https://wiki.ubuntu.com/DebuggingApparmor for more information about
handling apparmor profiles.

Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

Attachment: signature.asc
Description: Digital signature