On 21.01.2011 16:02, Dan White wrote:
> On 21/01/11 11:45 +0100, Thomas Schweikle wrote:
>> Hi!
>>
>> I kerberized ldap:
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcAuthzRegexp: uid=(.*),cn=example.com,cn=gssapi,cn=auth
>> uid=$1,ou=Users,dc=example,dc=com
>> olcSaslHost: srv.example.com
>> olcSaslRealm: EXAMPLE.COM
>>
>> In /etc/ldap/ldap.conf:
>> BASE dc=example,dc=com
>> URI ldap://srv.example.com
>> SASL_MECH GSSAPI
>>
>> In /etc/ldap.conf
>> base dc=example,dc=com
>> uri ldap://srv.example.com
>> ldap_version 3
>> rootbinddn cn=adm,dc=example,dc=com
>> pam_password md5
>>
>> I now try to connect to my ldap server:
>>
>> client:~$ kinit user
>> Password for user@EXAMPLE.COM:
>> client:~$ klist
>> Ticket cache: FILE:/tmp/krb5cc_1000
>> Default principal: user@EXAMPLE.COM
>>
>> Valid starting Expires Service principal
>> 01/21/11 11:32:03 01/21/11 21:32:03 krbtgt/EXAMPLE.COM@EXAMPLE.COM
>> renew until 01/22/11 11:31:58
>>
>> client:~$ ldapsearch -H ldap://srv.example.com
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-13): user not found: no secret in
>> database
>
> See the FAQ entry on OpenLDAP+SASL+GSSAPI at:
>
> http://www.cyrusimap.org/mediawiki/index.php/FAQ
>

This refers to "pluginviewer": This program doesn't exist on the system.
What package is it in on debian/ubuntu?

--
Thomas