
Re: custom hostname for openldap/sasl is not working

On Thu, Sep 2, 2010 at 1:22 AM, Bill MacAllister <whm@stanford.edu> wrote:
> Simon Wilkinson discussed the problem on the Heimdal list.
>  The problem is that both the client and the server must have a
>  matching idea of the service principal to use in establishing the
>  GSSAPI connection.
>  The client will use ldap/ldap.uvm.edu, as that's the only name it
>  knows the server by. However, the server will end up using
>  ldap/hostname() and therefore the two won't match, and you'll get
>  these errors.
So what is the sasl-host directive good for? It does something in fact -
if I enable it and set it to ldap.example.com, GSSAPI auth stops
working with the same error.

Also, I've tried to set the server hostname to "ldap", and hostname --fqdn
returned ldap.example.com, but this did not help either.