[Date Prev][Date Next]
Re: Openldap/Sasl/GSSAPI on Debian: Key table entry not found
On Wednesday, 18 January 2012 11:06:45 Toomas Vendelin wrote:
> Thank you, Dan!
> Indeed, setting
> olcSaslHost: ldap.example.com
> instead of
> olcSaslHost: kdc.example.com
> solves the issue.
> Now, when I look back for what caused me this hiccup, this has come to
> my attention:
> - in slapd-config(5):
> olcSaslHost: <fqdn>
> Used to specify the fully qualified domain name used for SASL
> ... the description looks somewhat ambiguous to me.
SASL an be a bit ambiguous, and I don't see that the documentation should
necessarily cover specific SASL mechs, that is the responsibility of the SASL
> It would be less
> confusion, if it were "Host running a LDAP server" or similar.
But, that is the default (IOW, when you do not specify olcSaslHost it will use
the hostname of the server slapd is running on).
> perhaps just warning of a possible pitfall - my five cents :).
> And, of course, the Ubuntu tutorial page, that was plain whong, saying:
> "#The FQDN of the Kerberos KDC.
> olcSaslHost: kerberos.example.com"
> at https://help.ubuntu.com/community/OpenLDAPServer#Kerberos_Authentication
So one wonders why we are discussing it on this list ....