[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberized LDAP not accessible

To: openldap-technical@openldap.org
Subject: Re: Kerberized LDAP not accessible
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Fri, 21 Jan 2011 19:11:03 +0100
In-reply-to: <4D39B977.9000509@vr-web.de>
Organization: AVCI
References: <4D3963E1.8050008@vr-web.de> <20110121150236.GB4353@dan.olp.net> <4D39AF06.2080103@vr-web.de> <20110121161703.GC4353@dan.olp.net> <4D39B977.9000509@vr-web.de>

Am Fri, 21 Jan 2011 17:51:03 +0100
schrieb Thomas Schweikle <tps@vr-web.de>:

> Am 21.01.2011 17:17, schrieb Dan White:
> > On 21/01/11 17:06 +0100, Thomas Schweikle wrote:
> >> Am 21.01.2011 16:02, schrieb Dan White:

[...]
> #ldapsearch -LLL -x -H ldap://srv.example.com -s "base" -b ""
> supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
> 
> #ldapsearch -Y GSSAPI -LLL -H ldap://srv.example.com -s "base" -b ""
> supportedSASLMechanisms
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Other (e.g., implementation specific)
> error (80)
>         additional info: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information
> (Permission denied)

The user that runs slapd has no access to a keytab file.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E

Attachment: signature.asc
Description: PGP signature

References:
- Kerberized LDAP not accessible
  - From: Thomas Schweikle <tps@vr-web.de>
- Re: Kerberized LDAP not accessible
  - From: Dan White <dwhite@olp.net>
- Re: Kerberized LDAP not accessible
  - From: Thomas Schweikle <tps@vr-web.de>
- Re: Kerberized LDAP not accessible
  - From: Dan White <dwhite@olp.net>
- Re: Kerberized LDAP not accessible
  - From: Thomas Schweikle <tps@vr-web.de>

Prev by Date: Re: Kerberized LDAP not accessible
Next by Date: OpenLDAP server as a proxy to AD and local auth db
Index(es):
- Chronological
- Thread