
Re: GSSAPI not in supportedSASLMechanism



Likely the Cyrus's GSSAPI mechanism plugin is loading,
likely because of some unresolved dependency.  Check
your logs.

Kurt

At 01:29 AM 2002-01-16, shuva brata deb wrote:
>Hi,
>
>I am trying to configure OpenLDAP 2.0.15 on HP-UX
>10.20 with GSSAPI as the authentication mechanism. I
>have Kerberos krb5-1.2.2 installed and it works fine
>(I mean I can use kadmin, ktadd, ktrem, kinit, klist,
>kdestroy successfully). I have cyrus-sasl-1.5.27
>installed and its sample client and sample server test
>passes successfully selecting GSSAPI as the best
>mechanism. I also have ldbm version db-4.0.14
>installed. While configuring OpenLDAP, when I run
>make test, I do not see GSSAPI as the
>supportedSASLmechanism. I get PLAIN, SIMPLE,
>ANONYMOUS, CRAM-MD5 and DIGEST-MD5 as the supported
>mechanisms. All tests pass successfully.
>
>
>After installing OpenLDAP I can add and remove
>entries; however, when I execute the following command:
>
>
>%>  ldapsearch -x -s base -b "" supportedSASLMechanisms
>
>I get the following output.
>  
>
>-----------------------------------------------------------------------------
>
>version: 2
>
>#
># filter: (objectclass=*)
># requesting: supportedSASLMechanisms 
>#
>
>#
>dn:
>supportedSASLMechanisms: LOGIN
>supportedSASLMechanisms: PLAIN
>supportedSASLMechanisms: ANONYMOUS
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: CRAM-MD5
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
> 
>--------------------------------------------------------------------------------
>
>
>I can't understand why GSSAPI is not listed as a
>supportedSASLmechanism.
>
>
>I configured OpenLDAP with the following options:
>
>%> ./configure --with-cyrus-sasl --with-kerberos --with-tls --enable-slapd --enable-crypt --enable-kpasswd --enable-spasswd --enable-ldbm --enable-cleartext --enable-debug
>
>
>Can anybody provide some information, why GSSAPI is
>missing as a mechanism for LDAP.
>
>
>My ldap.conf file is as follows.
>
>----------------------------------------------------------------------------------------
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include         /usr/local/etc/openldap/schema/core.schema
>include         /usr/local/etc/openldap/schema/cosine.schema
>include         /usr/local/etc/openldap/schema/inetorgperson.schema
>
>schemacheck    off
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral       ldap://root.openldap.org
>
>pidfile         /usr/local/var/slapd.pid
>argsfile        /usr/local/var/slapd.args
>
># Load dynamic backend modules:
># modulepath    /usr/local/libexec/openldap
># moduleload    back_ldap.la
># moduleload    back_ldbm.la
># moduleload    back_passwd.la
># moduleload    back_shell.la
>
>#
># Sample Access Control
>#       Allow read access of root DSE
>#       Allow self write access
>#       Allow authenticated users read access
>#       Allow anonymous users to authenticate
>#
>access to * by * write
>#access to dn="" by * read
>#access to *
>#       by self write
>#       by users read
>#       by anonymous auth
>#
># if no access controls are present, the default is:
>#       Allow read by all
>#
># rootdn can always write!
>
>
>access to *
>              by * write
>              by * read
>              by * auth
>              by self write
>              by users read
>              by anonymous auth
>
>
># ldbm database definitions
>#######################################################################
>
>sasl-realm          SCE.BRV.COM
>sasl-host           sce.BRV.com
>sasl-secprops       none
>
>database        ldbm
>#suffix         "dc=my-domain,dc=com"
>suffix          "o=MYLDAP,c=US"
>#rootdn         "cn=Manager,dc=my-domain,dc=com"
>rootdn          "cn=root,o=MYLDAP,c=US"
>#rootdn         "uid=root@MYLDAP.COM"
>
>
># Cleartext passwords, especially for the rootdn, should
># be avoided.  See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw          secret
># The database directory MUST exist prior to running slapd AND
># should only be accessible by the slapd/tools. Mode 700 recommended.
>directory       /usr/local/var/openldap-ldbm
># Indices to maintain
>index   objectClass     eq
>
>-----------------------------------------------------------------------------------------
>
>Regards,
>Shuva.//
>
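
The two checks this thread turns on (is the mechanism advertised in the root DSE, and does the plugin have an unresolved dependency), as an added shell example that is not part of either message. The function names, the sample data and the use of `ldd` are assumptions; the plugin path is site-specific and must be supplied by the caller.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# Print the SASL mechanisms advertised in root DSE LDIF read from stdin.
advertised_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        sub(/[ \t\r]+$/, "", $2); print $2 }'
}

# Succeed if mechanism $1 appears in the root DSE LDIF on stdin.
mech_advertised() {
    advertised_mechs | grep -qx -- "$1"
}

# Print the libraries that ldd output on stdin reports as unresolved.
unresolved_deps() {
    awk '/=>[ \t]*not found/ { print $1 }'
}

# Live check: $1 is the path to the Cyrus GSSAPI plugin (site-specific).
# Assumes ldapsearch and ldd are on PATH; not every platform ships ldd.
check_gssapi() {
    if ldapsearch -x -s base -b "" supportedSASLMechanisms | mech_advertised GSSAPI; then
        echo "GSSAPI is advertised"
        return 0
    fi
    echo "GSSAPI not advertised; unresolved dependencies of $1:"
    ldd "$1" | unresolved_deps
    return 1
}

# Constructed sample inputs so the parsers can be tried offline.
SAMPLE_DSE='dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'
SAMPLE_LDD='    libkrb5.so => /usr/local/lib/libkrb5.so
    libgssapi_krb5.so => not found
    libc.so => /usr/lib/libc.so'

if printf '%s\n' "$SAMPLE_DSE" | mech_advertised GSSAPI; then
    echo "sample: GSSAPI advertised"
else
    echo "sample: GSSAPI missing; unresolved in sample ldd output:"
    printf '%s\n' "$SAMPLE_LDD" | unresolved_deps
fi
```

An empty list from `unresolved_deps` does not prove the plugin loaded; the slapd logs remain the authoritative place to look.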