Hi Dieter Am 18.12.21 um 07:28 schrieb Dieter Klünter: > /etc/sasl2/slapd.conf > mech_list: gssapi digest-md5 cram-md5 external > keytab: /etc/openldap/ldap.keytab > > /etc/ldap.conf > KRB5_KTNAME=/etc/openldap/krb5.keytab > SASL_MECH GSSAPI > SASL_REALM My.SASL.REALM
The configuration is working but for the symas-packages the files must
be in /opt/symas/etc/sasl2 and /opt/symas/etc.
But now the ldap server is GSSAPI missing:
----------
root@ldap01:~# ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Authentication method not supported (7)
additional info: SASL(-4): no mechanism available: Couldn't find
mech GSSAPI
---------
The package "libsasl2-modules-gssapi-mit", "libgssapi-krb5-2" and
"symas-cyrus-sasl-lib" are installed but:
---------
root@ldap01:~# ldapsearch -x -H ldapi:/// -b "" -LLL -s base
-supportedSASLMechanisms
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
---------
Is not showing GSSAPI as valid mechanism. As I said, it's the first time
I try the symas-packages with kerberos: Do I miss something else?
If I do the same on Debian10 with the Debian OpenLDAP-packages I get:
---------------
root@provider-stat:~# ldapsearch -x -H ldapi:/// -b "" -LLL -s base
supportedSASLMechanisms
dn:
supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: SCRAM-SHA-256
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
---------------
Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
