
Re: ldapsearch error with sasl



On Fri, Aug 18, 2006 at 06:21:47PM +0200, chechu chechu wrote:
> Hi
> 
> I have gssapi correctly installed...but I get this error with
> ldapsearch :
> 
> root@shogun:~# ldapsearch -D "cn=admin,dc=ironman,dc=es" -w secret 
> SASL/LOGIN authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): user not found: checkpass failed
> 
> If I do it with -x, it works, but I need sasl.

-D and -w are meaningless with SASL binds.

There are several things that have to be set up in order to have
SASL/GSSAPI working. Some that spring to mind:
- do you have the sasl gssapi plugin installed on both the client and
  the server?
- do you have the TGT ticket?
- does your ldap server have the ldap/<fqdn>@REALM principal account in
  kerberos?
- can your ldap server read the ldap/<fqdn>@REALM keytab file? Is it
  really the one you extracted from your kerberos server?
- is the clock correct on all machines, including timezones?
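
The checks listed above, sketched as shell helpers. This is an added example, not part of the original message; it assumes MIT Kerberos `klist`, and the host name, realm and keytab path are placeholders. `sasl_mech` reports which mechanism the client actually started, which in the quoted transcript is LOGIN rather than GSSAPI.

```shell
#!/bin/sh
# Added example: helpers for the SASL/GSSAPI checklist in the reply above.
# Host names, realm and keytab path are placeholders (assumptions).

# Print the SASL mechanism named in ldapsearch output read from stdin,
# e.g. "SASL/LOGIN authentication started" -> LOGIN.
sasl_mech() {
    sed -n 's|^SASL/\([A-Za-z0-9_-]*\) authentication started.*|\1|p' | head -n 1
}

# Succeed if `klist -k <keytab>` output on stdin lists ldap/<fqdn>@<REALM>.
# $1 = server FQDN, $2 = realm
has_ldap_principal() {
    awk -v p="ldap/$1@$2" '{ for (i = 1; i <= NF; i++) if ($i == p) found = 1 }
                           END { exit !found }'
}

# Succeed if two epoch timestamps differ by at most $3 seconds
# (default 300, the MIT Kerberos default clock skew tolerance).
skew_ok() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    [ "$d" -le "${3:-300}" ]
}

# Client-side run: $1 = LDAP URI, $2 = server FQDN, $3 = realm.
# Note there is no -D or -w: the identity comes from the Kerberos ticket.
gssapi_checklist() {
    klist -s || { echo "no valid TGT in the credential cache: run kinit"; return 1; }
    out=$(ldapsearch -Y GSSAPI -H "$1" -b "" -s base -LLL supportedSASLMechanisms 2>&1) \
        || { echo "$out"; echo "GSSAPI bind failed"; return 1; }
    mech=$(printf '%s\n' "$out" | sasl_mech)
    echo "bind started with SASL mechanism: ${mech:-none}"
    echo "on the server, also run: klist -k <keytab> | has_ldap_principal $2 $3"
}

# Only touch the network when asked to: sh gssapi_check.sh --run <uri> <fqdn> <realm>
if [ "${1:-}" = "--run" ]; then
    shift
    gssapi_checklist "$@"
fi
```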