[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
OpenLdap and Kerberos for oVirt on f19
- To: openldap-technical@openldap.org
- Subject: OpenLdap and Kerberos for oVirt on f19
- From: Piotr Kliczewski <piotr.kliczewski@gmail.com>
- Date: Thu, 14 Nov 2013 11:01:00 +0100
- Cc: engine-devel <engine-devel@ovirt.org>
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=xVfSR4QXZqswWOzd/yL+KOvVoexzlfeZ2HztaBPCG/M=; b=mbsa8Qlas7t127SIDFdGPtBpyQCgT5g1qJUB9TR0jv++BUfMp+rdpwS0+SC1uEhOQR krI3VV1Nu44rEBQIim0U2u3V2TDnpsobse9zgYs8v5L+fsxsXePgaxf4Ltjd+FIdDFFA k82T4n3TIAmQFe/XGeZocc/x8Ls6Sh4r3LTwYlfh+y7bvsC3x/k4iRPmeIjdIIs2EzJQ jmxLs8i0//iqNE4HU+B7E/iWtiAZJ2A0sUKEJMQNzoE9n/QKXGcHCHaT3c5XKDpKVVse j/c6I/hkXInLmakt1GplubpE0PVUvbx9pZJNlk5QID6wR75TVdue6IY3yo9KO3xUsX/s ekDw==
Hello everyone,
I working on configuring OpenLdap 2.4.36 with kerberos for oVirt running on f19.
I follow following instruction:
https://bugzilla.redhat.com/show_bug.cgi?id=967327#c5
Please note that the instruction was written for f18. In order to have
step 18 working from
command line I had to set SASL_NOCANON to off. The reason was that I got:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context
When SASL_NOCANON is off I can search the ldap but have the same issue
from java code:
I got javax.naming.AuthenticationException: [LDAP: error code 49 -
SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context].
Have this when connecting using engine-manage-domains
(http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=blob;f=backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/JndiAction.java;h=467d64cb03523ba7e5144a57d6a60428f039656f;hb=refs/heads/master
line 84).
Can you please point me where is my config issue?
I copied engine-devel for reference.
Thanks,
Piotr