On 21/01/11 11:45 +0100, Thomas Schweikle wrote:
> Hi!
>
> I kerberized ldap:
>
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcAuthzRegexp: uid=(.*),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=Users,dc=example,dc=com
> olcSaslHost: srv.example.com
> olcSaslRealm: EXAMPLE.COM
>
> In /etc/ldap/ldap.conf:
>
> BASE dc=example,dc=com
> URI ldap://srv.example.com
> SASL_MECH GSSAPI
>
> In /etc/ldap.conf:
>
> base dc=example,dc=com
> uri ldap://srv.example.com
> ldap_version 3
> rootbinddn cn=adm,dc=example,dc=com
> pam_password md5
>
> I now try to connect to my ldap server:
>
> client:~$ kinit user
> Password for user@EXAMPLE.COM:
> client:~$ klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: user@EXAMPLE.COM
>
> Valid starting     Expires            Service principal
> 01/21/11 11:32:03  01/21/11 21:32:03  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>         renew until 01/22/11 11:31:58
>
> client:~$ ldapsearch -H ldap://srv.example.com
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): user not found: no secret in database
See the FAQ entry on OpenLDAP+SASL+GSSAPI at:
http://www.cyrusimap.org/mediawiki/index.php/FAQ
--
Dan White
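The following is an added example, not code from this thread or from OpenLDAP. It models how slapd turns a SASL identity into the pseudo-DN uid=<authcid>,cn=<realm>,cn=<mech>,cn=auth and then applies the olcAuthzRegexp rule quoted above, so you can see which binds land on uid=user,ou=Users,dc=example,dc=com and which do not. The point it makes about the failure in the quoted session: ldapsearch negotiated DIGEST-MD5, and a DIGEST-MD5 identity can never match a rule written for cn=gssapi, so even after the "no secret in database" error were fixed by adding a sasldb secret, the bind would not be mapped to the user's entry. The model assumes slapd matches the pattern unanchored and case-insensitively (which is why the lowercase cn=example.com still matches the realm EXAMPLE.COM); the mechanism and realm strings in the sample cases are constructed for the demonstration.

```python
"""Model of slapd's olcAuthzRegexp mapping for the configuration in the thread.

Added example, not code from the thread or from OpenLDAP. It reproduces the
rule from the post and shows which SASL identities it maps to a directory
entry and which it does not (the DIGEST-MD5 identity the client fell back to,
and a GSSAPI identity from another realm).
"""
import re
from typing import List, Optional, Tuple

# The rule exactly as configured in the post: (match pattern, replacement).
AUTHZ_REGEXP: List[Tuple[str, str]] = [
    (r"uid=(.*),cn=example.com,cn=gssapi,cn=auth",
     r"uid=$1,ou=Users,dc=example,dc=com"),
]


def sasl_authz_dn(authcid: str, realm: Optional[str], mech: str) -> str:
    """Build the DN-form identity slapd hands to authz-regexp for a SASL bind.

    Shape: uid=<authcid>,cn=<realm>,cn=<mech>,cn=auth. The cn=<realm> element
    is omitted when the mechanism supplied no realm. Case (uppercase Kerberos
    realm, uppercase mechanism name) is whatever SASL reported.
    """
    rdns = [f"uid={authcid}"]
    if realm:
        rdns.append(f"cn={realm}")
    rdns += [f"cn={mech}", "cn=auth"]
    return ",".join(rdns)


def apply_authz_regexp(identity: str,
                       rules: List[Tuple[str, str]]) -> Optional[str]:
    """Apply the first matching rule; return the rewritten DN or None.

    Assumption of this model: slapd matches with an unanchored POSIX regexec
    and ignores case, so cn=example.com in the rule matches cn=EXAMPLE.COM.
    Replacement placeholders $0..$9 are translated to Python's \\g<N>.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, identity, flags=re.IGNORECASE)
        if m:
            template = re.sub(r"\$(\d)", r"\\g<\1>", replacement)
            return m.expand(template)
    return None


def classify_bind(mech: str, realm: Optional[str],
                  authcid: str = "user") -> dict:
    """Summarise what the directory would do with a given SASL bind."""
    identity = sasl_authz_dn(authcid, realm, mech)
    mapped = apply_authz_regexp(identity, AUTHZ_REGEXP)
    return {
        "mech": mech,
        "identity": identity,
        "mapped_dn": mapped,
        # Without a mapping the bind identity stays the cn=auth pseudo-DN,
        # which is not an entry in the DIT, so ACLs keyed on the user's
        # entry never apply to that session.
        "reaches_user_entry": mapped is not None,
    }


if __name__ == "__main__":
    # Constructed sample binds (mechanism, realm as SASL would report it).
    cases = [
        ("GSSAPI", "EXAMPLE.COM"),      # what the poster intended after kinit
        ("DIGEST-MD5", "example.com"),  # what ldapsearch actually negotiated
        ("DIGEST-MD5", None),           # DIGEST-MD5 with no realm supplied
        ("GSSAPI", "OTHER.ORG"),        # a ticket from a foreign realm
    ]
    for mech, realm in cases:
        r = classify_bind(mech, realm)
        print(f"{r['mech']:11} {r['identity']:48} -> {r['mapped_dn']}")
```

Two practical notes on the rule itself: the capture group (.*) is greedy, and [^,]* is the usual safer form so that the uid can never swallow a following RDN if the rule is later widened to several realms; and when a client unexpectedly negotiates DIGEST-MD5 instead of GSSAPI, the first thing to check is what the server advertises (ldapsearch -x -s base -b '' supportedSASLMechanisms) and whether forcing the mechanism with ldapsearch -Y GSSAPI changes the outcome.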