Re: LDAP, SASL2, and KERBEROS5

[O Plameras <oscarp@acay.com.au>]

Hi Jose,

Got it to work.

In the end it was ownership of /etc/openldap/ldap.keytab.
-rw-------          1    root     root        284     Aug 20   
09:54      ldap.keytab

Changed to
-rw-------          1    ldap     root        284     Aug 20   
09:54      ldap.keytab

Thanks for pointing out "KRB5_KTNAME". Works like a dream.

I had other problems with my /etc/init.d/ldap but in the
end you're right. It's to do with keytab info not being
made available to Kerberos.

Thanks again.

Jose Gonzalez Gomez wrote:

>    You are able to kinit correctly, and it seems the only failing 
> stuff is the LDAP authentication. This, combined with the error you 
> posted, makes me think you must have indicated OpenLDAP a location 
> where it cannot find its keytab. How are you telling OpenLDAP where to 
> fins its keytab? Do you have a KRB5_KTNAME environmente variable 
> defined? Where does it point?
>
>    Best regards
>    Jose
>
> O Plameras wrote:
>
> > Initially, I have my keytab in /etc/openldap/ldap.keytab.
> > Then, I deleted it and have it in /etc/krb5.keytab.
> >
> > I still get the same problem.