
Re: Enable SASL and GSSAPI authentication



On 22/12/10 11:00 +0100, Jörg Herzinger wrote:
Hi, I've been running OpenLDAP with GSSAPI authentication for quite a while now and everything has been running quite fine. The last few days I tried enabling SASL password auth as described in [1]. Now password authentication works fine, but it seems that GSS somehow has been disabled:

root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
dn:

While without SASL enabled I get:

root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI

Is it possible to enable both GSS and SASL pass-through auth? I checked the documentation and couldn't find a clue if it is or not.

OpenLDAP version is 2.4.11 on Debian Lenny, Kerberos is MIT version 1.6 also on Lenny. Slapd config can be found here [2].

If you've strictly followed the pass-through section of the admin guide,
you may have run into a problem with this example sasl configuration:

mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux

If that's what you've used, you should either comment out the mech_list
line or add 'gssapi' to it.

If that's not the case, can you post your sasl slapd.conf? Are there any
other changes involved in your configuration, other than modifying the
userPassword attribute in your user entries?

--
Dan White
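
The mech_list effect described in this reply, as an added example that is not part of the original message or of OpenLDAP/Cyrus SASL: a small Python check that reports which mechanisms a SASL config still permits. The function names, the constructed `installed` plugin list and the case-insensitive matching (suggested by the lowercase 'gssapi' in the reply) are assumptions.

```python
# Added example (not from the thread): check which mechanisms a Cyrus SASL
# config still permits once mech_list is applied.

# The pass-through example configuration quoted in the reply above.
GUIDE_EXAMPLE = """\
mech_list: plain
pwcheck_method: saslauthd
saslauthd_path: /var/run/sasl2/mux
"""

def parse_sasl_conf(text):
    """Parse 'option: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def permitted_mechs(installed, conf_text):
    """Return the installed mechanisms that mech_list does not filter out."""
    opts = parse_sasl_conf(conf_text)
    if "mech_list" not in opts:
        return list(installed)          # no mech_list: nothing is filtered
    allowed = {m.upper() for m in opts["mech_list"].split()}
    return [m for m in installed if m.upper() in allowed]

def filtered_out(required, installed, conf_text):
    """Return required mechanisms that the config no longer permits."""
    ok = {m.upper() for m in permitted_mechs(installed, conf_text)}
    return [m for m in required if m.upper() not in ok]

if __name__ == "__main__":
    installed = ["GSSAPI", "PLAIN"]     # assumed plugin set, constructed
    for label, conf in [
        ("guide example", GUIDE_EXAMPLE),
        ("mech_list commented out", GUIDE_EXAMPLE.replace("mech_list", "#mech_list")),
        ("gssapi added", GUIDE_EXAMPLE.replace("plain", "plain gssapi")),
    ]:
        print(label, "->", permitted_mechs(installed, conf),
              "missing:", filtered_out(["GSSAPI"], installed, conf))
```
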