openldap gssapi bind
- To: email@example.com
- Subject: openldap gssapi bind
- From: Sajid K <firstname.lastname@example.org>
- Date: Sat, 2 Jun 2012 16:42:09 -0700
I'm writing an AD client for Mac. I'm able to get a Kerberos ticket and can also bind to AD using ldap_gssapi_bind, and everything works fine: I can do searches, modify/create attributes, etc.
When I unbind and try to bind to a different server, it hangs in a "select" call inside the OpenLDAP lib, even though I've successfully got a TGS ticket before binding.
I'm using Heimdal for the Kerberos implementation. I also have Cyrus SASL in the project.
In one of my test environments it tries to go back to the old "server" to get a ticket, so I'm assuming there is some sort of caching involved here.
Before rebinding I always delete the credential cache file and krb5.conf and re-create them for the new server.
I'm not using a conf file with OpenLDAP.
What could be going on? Is there some kind of caching somewhere in the library?
There are no errors when unbinding, and I can also see a call getting to the server when I unbind.