
GSSAPI, OpenLDAP 2.0.21 and core dump



I am trying to build a V3 compliant OpenLDAP server on a Sun Solaris 8 UltraSparc E250 using Sun WorkShop 5.

I have a working Kerberos infrastructure based on MIT 1.2.3, and have downloaded and installed both the Sleepycat DB 3.3 and the Cyrus SASL 1.5.27. After much pain and suffering, I have successfully confirmed that the SASL library is working properly against the Kerberos (using the sample client and server).

However, after building and compiling OpenLDAP against SASL, I am attempting to use the "OpenLDAP, OpenSSL, SASL and Kerberos V HOWTO" document as a guide. The daemons appear to work at first:

*****
$ klist
Ticket cache: /tmp/krb5cc_100
Default principal: abrock@GEORGEFOX.EDU

Valid starting            Expires                   Service principal
Wed Jan 30 14:30:38 2002  Wed Jan 30 17:01:14 2002  krbtgt/GEORGEFOX.EDU@GEORGEFOX.EDU
Wed Jan 30 14:38:32 2002  Wed Jan 30 17:01:14 2002  ldap/scripts.georgefox.edu@GEORGEFOX.EDU
$ ldapsearch -L -h scripts.georgefox.edu -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI


$
*****

However, when I attempt the following command I see a core dump:

*****
$ ldapsearch -L -h scripts.georgefox.edu -I -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL Interaction
Please enter your authorization name: abrock
ldap_sasl_interactive_bind_s: Can't contact LDAP server
$
*****


Any attempts to use the "-H ldap://scripts.georgefox.edu/" or "-H ldaps://scripts.georgefox.edu/" notation result in:

*****
$ ldapsearch -L -H ldap://scripts.georgefox.edu/ -x -b "" -s base -LLL -ZZ supportedSASLMechanisms
ldap_start_tls: Connect error
additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
$ ldapsearch -L -H ldaps://scripts.georgefox.edu/ -x -b "" -s base -LLL supportedSASLMechanisms
ldap_bind: Can't contact LDAP server
additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
$
*****


I believe this may be a certificate problem, though queries work correctly from within Netscape's addressbook.

Please advise as I am stumped. I can live with the certificate mystery for the moment. However, I REALLY need the Kerberos to work!

Thanks in advance!

Tony

******************************************************************************
* Anthony Brock                                         abrock@georgefox.edu *
* Director of Network Services                         George Fox University *
******************************************************************************