[Date Prev][Date Next]
Re: custom hostname for openldap/sasl is not working
On Thu, Sep 2, 2010 at 1:22 AM, Bill MacAllister <firstname.lastname@example.org> wrote:
> Simon Wilkinson discussed the problem on the Heimdal list.
> The problem is that both the client and the server must have a
> matching idea of the service principal to use in establishing the
> GSSAPI connection.
> The client will use ldap/ldap.uvm.edu, as that's the only name it
> knows the server by. However, the server will end up using
> ldap/hostname() and therefore the two won't match, and you'll get
> these errors.
So what sasl-host directive is good for? It does something in fact -
if I enable it and set it to ldap.example.com, GSSAPI auth stop
working with the same error.
Also, I've tried to set server hostname to "ldap", and hostname --fqdn
returned ldap.example.com, but this did not help either.