[Date Prev][Date Next] [Chronological] [Thread] [Top]

Handling slapd.d in OpenLDAP and Kerberos

 We are currently trying to use OpenLDAP as the database for Kerberos in our lab.
We installed OpenLDAP in Ubuntu 10.04 and is working without any problem (i,e. queries are showing the correct results)
But we are not able to get Kerberos authenticate via OpenLDAP.

For authenticating via OpenLDAP, the principles needs to be rewritten (using authz-policy and authz-regexp). We know how to do
that in older version of OpenLDAP which had (slapd.conf) but don't know how to do the same in new OpenLDAP which has slapd.d directory instead.
The manuals also doesn't say anything on this issue.

We did the following for testing authentication via Kerberos:

kinit username; ldapsearch -H ldaps://server.example.com

And we got this result:

SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
    additional info: SASL(-13): user not found: no secret in database

We just want to perform this:

authz-policy from

We think adding this in slapd.conf should serve the purpose. Any suggestions/help is highly appreciated.