[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapwhoami translate sasl-name to dn

To: openldap-technical@openldap.org
Subject: Re: ldapwhoami translate sasl-name to dn
From: Dieter Klünter <dieter@dkluenter.de>
Date: Mon, 23 Dec 2019 21:30:51 +0100
In-reply-to: <3a67a460-1088-9f1e-828d-b42560ebb64f@kania-online.de>
Organization: AVCI
References: <3a67a460-1088-9f1e-828d-b42560ebb64f@kania-online.de>

Am Fri, 20 Dec 2019 20:54:13 +0100
schrieb Stefan Kania <stefan@kania-online.de>:

> Hello,
> 
> I try to do the authentication in LDAP via Kerberos. The
> Kerberos-Database is in LDAP, no problem, I can login to the system
> as a normal user but when I do a "ldapwhomami" I get the following
> output: -----------------
> u1-verw@ldapserver:~$ ldapwhoami
> SASL/GSSAPI authentication started
> SASL username: u1-verw@EXAMPLE.NET
> SASL SSF: 256
> SASL data security layer installed.
> dn:uid=u1-verw,cn=gssapi,cn=auth
> -----------------
> I would like to get the original DN from the user not the
> dn:*,cn=gssapi,cn=auth. So I put into my configuration:
[...]

I face the same problem with OpenIndiana. To my experience it's only 
GSSAPI, DIGEST-MD5 and CRAM-MD5 work as expected. But I must admit, it
is only on Solaris not on Linux.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: ldapwhoami translate sasl-name to dn
  - From: dieter@dkluenter.de (Dieter Klünter)

References:
- ldapwhoami translate sasl-name to dn
  - From: Stefan Kania <stefan@kania-online.de>

Prev by Date: RE: ldap_bind: Invalid credentials at LDAPADD step in the QuickStart Guide
Next by Date: Re: ldapwhoami translate sasl-name to dn
Index(es):
- Chronological
- Thread