Package: libnss-ldapd
Version: 0.6.4
Severity: wishlist

Hello,

I am trying to set up a Kerberos/LDAP environment and I fail to set up nss-ldap with SASL.

As libnss-ldapd uses a separate daemon to make the LDAP requests, it seems legitimate to permit specifying a keytab to initiate a kinit when starting, possibly with renew/reinit on ticket expiry.

My configuration:

==== BEGIN NSCD CONFIG ====
# /etc/nss-ldapd.conf
# nss-ldapd configuration file. See nss-ldapd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://192.168.122.4

# The search base that will be used for all queries.
base dc=baby-gnu,dc=org

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
#binddn
#bindpw secret

# The search scope.
#scope sub

use_sasl on
sasl_authcid host/[EMAIL PROTECTED]
==== END NSCD CONFIG ====

I enabled LDAP search only for group during the test, and I ran nslcd -d from the command line:

==== BEGIN DEBUG OUTPUT ====
nslcd: DEBUG: add_uri(ldap://192.168.122.4)
nslcd: /etc/nss-ldapd.conf:25: option use_sasl is currently not fully supported (please report any successes)
nslcd: /etc/nss-ldapd.conf:26: option sasl_authcid is currently not fully supported (please report any successes)
nslcd: version 0.6.4 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(105) done
nslcd: DEBUG: setuid(104) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=4179 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_group_all()
nslcd: [8b4567] DEBUG: myldap_search(base="dc=baby-gnu,dc=org", filter="(objectClass=posixGroup)")
nslcd: [8b4567] DEBUG: SASL bind to ldap://192.168.122.4 as (null)
nslcd: [8b4567] failed to bind to LDAP server ldap://192.168.122.4: Local error: No such file or directory
nslcd: [8b4567] no available LDAP server found, sleeping 1 seconds
nslcd: [8b4567] no available LDAP server found
^Cnslcd: caught signal SIGINT (2), shutting down
nslcd: version 0.6.4 bailing out
==== END DEBUG OUTPUT ====

Regards.

-- System Information:
Debian Release: lenny
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.2+kvm-guest.2 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libnss-ldapd depends on:
ii  adduser                3.108               add and remove users and groups
ii  debconf [debconf-2.0]  1.5.22              Debian configuration management sy
ii  libc6                  2.7-13              GNU C Library: Shared libraries
ii  libkrb53               1.6.dfsg.4~beta1-3  MIT Kerberos runtime libraries
ii  libldap-2.4-2          2.4.10-3            OpenLDAP libraries
ii  libsasl2-2             2.1.22.dfsg1-21     Cyrus SASL - authentication abstra

Versions of packages libnss-ldapd recommends:
pn  libpam-ldap            <none>              (no description available)
pn  nscd                   <none>              (no description available)

libnss-ldapd suggests no packages.

-- debconf information:
* libnss-ldapd/ldap-base: dc=baby-gnu,dc=org
* libnss-ldapd/nsswitch:
  libnss-ldapd/ldap-binddn:
* libnss-ldapd/ldap-uris: ldap://192.168.122.4
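
Added example, not part of the original report and not nss-ldapd code: the keytab handling requested above (kinit at start, then renew or re-initialise) done outside the daemon with the MIT kinit/klist tools. The keytab path, principal and credential cache path passed to refresh_ticket are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: keep a Kerberos credential cache usable for a daemon such
# as nslcd. All paths and the principal are caller-supplied assumptions.

# keytab_is_private FILE
# Succeeds only if FILE exists and grants no permission to group or others;
# anyone who can read a keytab can authenticate as its principal.
keytab_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# refresh_ticket KEYTAB PRINCIPAL CCACHE
# Prints "renewed" or "reinit" on success. Returns 2 for an unsafe keytab
# and 1 when no valid ticket could be obtained.
refresh_ticket() {
    keytab=$1
    principal=$2
    KRB5CCNAME=$3
    export KRB5CCNAME
    if ! keytab_is_private "$keytab"; then
        echo "refusing $keytab: missing or accessible to group/others" >&2
        return 2
    fi
    # kinit -R renews the existing TGT; it fails when the cache is missing,
    # the ticket has expired or the ticket is not renewable.
    if kinit -R 2>/dev/null; then
        action=renewed
    # Fall back to a fresh TGT from the keytab (no password prompt).
    elif kinit -k -t "$keytab" "$principal"; then
        action=reinit
    else
        return 1
    fi
    # klist -s is silent and exits 0 only if the cache holds a valid ticket.
    klist -s || return 1
    echo "$action"
}

# Typical use, run as the daemon's user before and while it is running:
#   while refresh_ticket KEYTAB PRINCIPAL CCACHE; do sleep 3600; done
```

The daemon must be started with the same KRB5CCNAME so that its SASL/GSSAPI bind finds the cache this loop maintains.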