[Date Prev][Date Next]
Re: [Engine-devel] OpenLdap and Kerberos for oVirt on f19
On Thu, Nov 14, 2013 at 11:05 AM, Juan Hernandez <email@example.com> wrote:
> On 11/14/2013 11:01 AM, Piotr Kliczewski wrote:
>> Hello everyone,
>> I working on configuring OpenLdap 2.4.36 with kerberos for oVirt running on f19.
>> I follow following instruction:
>> Please note that the instruction was written for f18. In order to have
>> step 18 working from
>> command line I had to set SASL_NOCANON to off. The reason was that I got:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-13): authentication failure: GSSAPI Failure:
>> When SASL_NOCANON is off I can search the ldap but have the same issue
>> from java code:
>> I got javax.naming.AuthenticationException: [LDAP: error code 49 -
>> SASL(-13): authentication failure: GSSAPI Failure:
>> Have this when connecting using engine-manage-domains
>> line 84).
>> Can you please point me where is my config issue?
>> I copied engine-devel for reference.
> Do you have the cyrus-sasl-gssapi package installed? That should have
> been part of step 1. Try this:
> # yum -y install cyrus-sasl-gssapi
> I think that once that is installed you shouldn't need to set
> SASL_NOCANON off.
You are right the package was not installed I restarted slapd, krb5kdc
and kadmin after installing. I kinit one more time and tried to
ldapsearch as in step 18 but with the same result.
> Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> 3ºD, 28016 Madrid, Spain
> Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.