[Date Prev][Date Next]
Re: Preauth error ldap heimdal kerberos
Am Wed, 24 Mar 2010 12:04:57 +0200
schrieb Μανόλης Βλαχάκης <email@example.com>:
> 2010/3/24 Buchan Milne <firstname.lastname@example.org>
> > On Tuesday, 23 March 2010 11:18:57 Μανόλης Βλαχάκης wrote:
> > > after reading the openldap admin guide you mentioned
> > > i understud that by using -X on the ldapsearch command
> > > i should use the authzTo attribus as you said
> > But, you haven't explained if or why you need to authorize to
> > different users.
> > IMHO, it looks plainly as if you have been using the -X flag by
> > mistake ...
> > The document you referred to doesn't use -X anywhere, only -x in
> > the case of
> > simple binds.
> > I want to do sasl bind not simple bind that's why i use the -X
> > flag! Am i
> what are you suggesting to do with the users? I believe that there is
> not need to have
> all users authoirized but only two for example only these who i have
> in kerberos
> ldapmaste and kadmin/admin! am i right? Take a look to my slapd.conf!
> My problem, is that i want to do sasl bind with password and not
> only with dn because now i do sasl bind only with one of the
> authorized dn!
Did you create a ldap service and host principal? If so, just use the
GSSAPI mechanism, something like 'ldapsearch -Y GSSAPI -H
ldap://some.host' and you may write an appropriate authz-regexp in oder
to match the sasl authentication string to a DN.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6