
Re: Problems with openLDAP + GSSAPI + JAVA





On 30/06/2015 15:59, Dieter Klünter wrote:
On Tue, 30 Jun 2015 12:48:22 +0200,
Andreas Laesser <andreas.laesser@tugraz.at> wrote:

Hi @all

I have (maybe) a problem with my openldap server authenticating
over a JAVA tool (Apache Directory Studio LDAP Browser
V2.0.0.v20130628, jXplorer) via GSSAPI.

When I do an ldapsearch from command line via GSSAPI it works fine...


~ % klist
Ticket cache: FILE:/tmp/krb5cc_1086_lR4Nxxxxrs
Default principal: admin@SPSC.TUGRAZ.AT

Valid starting    Expires           Service principal
30/06/2015 10:54  02/07/2015 10:54  krbtgt/SPSC.TUGRAZ.AT@SPSC.TUGRAZ.AT
        renew until 10/07/2015 10:54
30/06/2015 10:54  02/07/2015 10:54  ldap/ldap1.spsc.tugraz.at@SPSC.TUGRAZ.AT
        renew until 10/07/2015 10:54


~ % ldapsearch -H ldaps://ldap1.spsc.tugraz.at -b "dc=SPSC,dc=TUGRAZ,dc=AT"

This works well....

but if I try the same from one of the two tools mentioned above it
simply does not bind or connect....

Has anybody had the same problems, or knows a solution?

If Kerberos is properly set up, you should use SASL GSSAPI, that is
ldapsearch -Y GSSAPI -H ldaps://some.host


If this can help, we wrote documentation on how to use Kerberos with LSC, which is a Java client: http://lsc-project.org/wiki/documentation/howto/kerberos

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux