[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: custom hostname for openldap/sasl is not working

To: Bill MacAllister <whm@stanford.edu>
Subject: Re: custom hostname for openldap/sasl is not working
From: Zaar Hai <haizaar@haizaar.com>
Date: Thu, 2 Sep 2010 08:53:22 +0300
Cc: openldap-technical@openldap.org
In-reply-to: <6AD59F7D5FCA9BC7505885D6@10.0.0.32>
References: <AANLkTikpOc7gyOzX=VoT66ntpO2zYQScBVH1gYNsoRUY@mail.gmail.com> <AANLkTinSSO_1fg2e37zb4yLr9rmQe-dcQhZmosj7X1ZW@mail.gmail.com> <6AD59F7D5FCA9BC7505885D6@10.0.0.32>

On Thu, Sep 2, 2010 at 1:22 AM, Bill MacAllister <whm@stanford.edu> wrote:
>
> Simon Wilkinson discussed the problem on the Heimdal list.
>
>  The problem is that both the client and the server must have a
>  matching idea of the service principal to use in establishing the
>  GSSAPI connection.
>
>  The client will use ldap/ldap.uvm.edu, as that's the only name it
>  knows the server by. However, the server will end up using
>  ldap/hostname() and therefore the two won't match, and you'll get
>  these errors.
So what sasl-host directive is good for? It does something in fact -
if I enable it and set it to ldap.example.com, GSSAPI auth stop
working with the same error.

Also, I've tried to set server hostname to "ldap", and hostname --fqdn
returned ldap.example.com, but this did not help either.
-- 
Zaar

Follow-Ups:
- Re: custom hostname for openldap/sasl is not working
  - From: Bill MacAllister <whm@stanford.edu>

References:
- custom hostname for openldap/sasl is not working
  - From: Zaar Hai <haizaar@haizaar.com>

Prev by Date: Re: custom hostname for openldap/sasl is not working
Next by Date: Re: Back-ldap configuration and id-assertion.
Index(es):
- Chronological
- Thread