[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL working but kerberos DOMAIN is not set

I have setted openldap+sasl+kerberos.
It is working but the keberos realm is not seted in the bind dn, why?

Here is my session:

sioux@gustav$ ldapsearch -Y GSSAPI -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL username: sioux@UFV.BR
SASL data security layer installed.
supportedSASLMechanisms: OTP
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5


Here is what i got from slapd err output :

do_bind: dn () SASL mech GSSAPI
slap_sasl_getdn: u:id converted to uid=sioux,cn=GSSAPI,cn=auth
>>> dnNormalize: <uid=sioux,cn=GSSAPI,cn=auth>
<<< dnNormalize: <uid=sioux,cn=gssapi,cn=auth>
==>slap_sasl2dn: converting SASL name uid=sioux,cn=gssapi,cn=auth to a DN
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Authorize [conn=1001]:  proxy authorization allowed authzDN=""
send_ldap_sasl: err=0 len=-1
do_bind: SASL/GSSAPI bind: dn="uid=sioux,cn=gssapi,cn=auth" sasl_ssf=56
send_ldap_response: msgid=3 tag=97 err=0
ber_flush2: 14 bytes to sd 13

Any ideia about what is going on ?