Re: help with openldap-2.4.29-sasl-2.1.25 bind problems



On 03/04/12 15:04 +0000, luxInteg wrote:
Greetings,

I am new to this list.  I have a computer with these:-
cpu:        amd64  2 cores
os          linux 64bit  distro=cblfs  kernel-3.2.1, gcc-4.5.2
auth progs: MIT-kerberos-1.10, sasl-2.1.25. openldap-2.4.29

( I have an inhouse CA  and generated a  signed  Certificate/Key pair   on  this
machine running openssl-0.9.8  I transferred these and the cacert.pem file
securely to the machine above and these are included in the slapd.conf file )

I verified ldap is running without sasl  with the ldapsearch command  like
so:-
ldapsearch -xWLLL  "ou=people"   -H ldaps://tester.example.com

When I tried the same command for a sasl bind:-
ldapsearch -LLL  "ou=people"   -H ldaps://tester.example.com

I get this
###################################################
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
	additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context
###################################################

Check your kdc logs. Research what 'gss_accept_sec_context' and 'res_matched'
mean, since those appear to be errors returned from your krb5 library.

Make sure you are not hitting this bug in cyrus sasl:

https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480

One way to determine if you are, is to perform your gssapi bind without
ldaps or starttls-over-ldap.

--------------
read1msg: ld 0x2018010 0 new referrals
read1msg:  mark request completed, ld 0x2018010 msgid 1
request done: ld 0x2018010 msgid 1
res_errno: 49, res_error: <SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x20eb750 ptr=0x20eb753 end=0x20eb7a5 len=82
--------------

--
Dan White
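
The transport comparison suggested in the reply above, as an added example that is not part of the original message: it classifies the result of a GSSAPI bind over plain ldap:// and over ldaps:// and reports whether the failure depends on TLS. The function names (`bind_status`, `verdict`, `probe`) are hypothetical, the successful-bind sample is constructed, and the live path assumes a valid Kerberos ticket and a server that also listens on ldap://.

```shell
#!/bin/sh
# Added example (not from the thread): does the GSSAPI bind fail only under TLS?
# Function names are hypothetical; sample outputs are constructed.

# Error text as shown in the thread (ldaps:// run).
SAMPLE_TLS='SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
	additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context'
# Constructed example of a successful bind (plain ldap:// run).
SAMPLE_PLAIN='SASL/GSSAPI authentication started
SASL username: user@EXAMPLE.COM
SASL SSF: 56'

# bind_status RC OUTPUT -> ok | gssapi_fail | other_fail
bind_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    else
        case "$2" in
            *"GSSAPI Failure"*) echo gssapi_fail ;;
            *) echo other_fail ;;   # e.g. server unreachable, TLS handshake error
        esac
    fi
}

# verdict PLAIN_STATUS TLS_STATUS
verdict() {
    case "$1/$2" in
        ok/gssapi_fail)          echo tls_specific ;;     # matches the test the reply proposes
        gssapi_fail/gssapi_fail) echo not_tls_related ;;  # look at KDC logs, keytab, principal
        ok/ok)                   echo no_failure ;;
        *)                       echo inconclusive ;;
    esac
}

# probe URI: one live bind; needs a valid ticket (kinit) and a reachable slapd.
probe() {
    out=$(ldapsearch -Y GSSAPI -LLL -H "$1" "ou=people" 2>&1) && rc=0 || rc=$?
    bind_status "$rc" "$out"
}

# Live use: sh script.sh --live tester.example.com
if [ "${1:-}" = "--live" ]; then
    verdict "$(probe "ldap://$2")" "$(probe "ldaps://$2")"
fi
```

A `tls_specific` result is the case the reply asks about; `not_tls_related` points back to the KDC logs.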