On Fri, 21 Jan 2011 11:45:53 +0100, Thomas Schweikle <[email protected]> wrote:
> Hi!
>
> I kerberized ldap:
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcAuthzRegexp: uid=(.*),cn=example.com,cn=gssapi,cn=auth
> uid=$1,ou=Users,dc=example,dc=com
> olcSaslHost: srv.example.com
> olcSaslRealm: EXAMPLE.COM
>
> In /etc/ldap/ldap.conf:
> BASE dc=example,dc=com
> URI ldap://srv.example.com
> SASL_MECH GSSAPI
>
> In /etc/ldap.conf
> base dc=example,dc=com
> uri ldap://srv.example.com
> ldap_version 3
> rootbinddn cn=adm,dc=example,dc=com
> pam_password md5

This is not an OpenLDAP configuration file.

> I now try to connect to my ldap server:
>
> client:~$ ldapsearch -H ldap://srv.example.com
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-13): user not found: no secret in
> database

It seems that slapd doesn't have knowledge of sasl mechanism GSSAPI, check with

ldapsearch -x -LLL -H ldap://srv.example.com -b "" -s base \
    supportedSASLMechanisms

> client:~$ ldapsearch -D uid=user,dc=example,dc=com -H
> ldap://srv.example.com
> ldap_bind: Server is unwilling to perform (53)
> additional info: unauthenticated bind (DN with no password)
> disallowed

You want to do a sasl bind with GSSAPI mechanism

ldapsearch -Y GSSAPI -H ldap://srv.example.com

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N 10°08'02,42"E
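
The two checks from the reply above, scripted as an added example that is not part of the original thread: it reads the root DSE for `supportedSASLMechanisms`, and if GSSAPI is offered it uses `ldapwhoami` to see whether the quoted `olcAuthzRegexp` rule actually rewrote the SASL identity. The function names, the `LDAP_URI` variable and the sample LDIF are assumptions made for this example.

```shell
#!/bin/sh
# Added example: automate the two checks from the reply above.

# Constructed root DSE answers (not real server output).
SAMPLE_NO_GSSAPI='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'
SAMPLE_WITH_GSSAPI='dn:
supportedSASLmechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5'

# Print the advertised SASL mechanisms, one per line, from LDIF on stdin.
# LDAP attribute names are case-insensitive, so compare them lowercased.
sasl_mechs() {
    tr -d '\r' | awk -F': *' \
        'tolower($1) == "supportedsaslmechanisms" { print toupper($2) }'
}

# Succeed if mechanism $1 is among those advertised in the LDIF on stdin.
offers_mech() {
    sasl_mechs | grep -qxF "$1"
}

# Succeed if an ldapwhoami answer ($1) is a mapped directory DN. An identity
# still ending in cn=auth means no olcAuthzRegexp rule matched it.
authz_mapped() {
    id=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$id" in
        dn:*,cn=auth) return 1 ;;
        dn:?*)        return 0 ;;
        *)            return 1 ;;
    esac
}

# Live check only when LDAP_URI is set, e.g. LDAP_URI=ldap://srv.example.com
if [ -n "${LDAP_URI:-}" ]; then
    if ldapsearch -x -LLL -H "$LDAP_URI" -b "" -s base \
            supportedSASLMechanisms | offers_mech GSSAPI; then
        who=$(ldapwhoami -Q -Y GSSAPI -H "$LDAP_URI") || exit 1
        authz_mapped "$who" && echo "mapped: $who" || echo "unmapped: $who"
    else
        echo "server does not advertise GSSAPI"
    fi
else
    printf '%s\n' "$SAMPLE_NO_GSSAPI" | offers_mech GSSAPI \
        || echo "sample: GSSAPI not advertised"
fi
```

Run it with a valid Kerberos ticket in the credential cache; an "unmapped" result means the bind succeeded but the identity was not rewritten to an entry under ou=Users.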
