
Secure replication, using KerberosV keytab (or SASL?)



I'm currently working on getting secure replication, using TLS/SSL
and SASL/KerberosV to work... Using my knowledge from OpenLDAP1, I
did this on the master server:

----- s n i p -----
replica         host=localhost:3391
                tls=yes
                bindmethod=kerberos
                srvtab=/etc/ldap/slurpd.keytab
replogfile      /var/lib/ldap/replog
----- s n i p -----

Then running an extra slapd on localhost, listening on

        -h "ldap://0.0.0.0:$PORT/ ldaps://0.0.0.0:`expr $PORT + 1`/"

PORT being 3391 with this in the config:

----- s n i p -----
updatedn        "dn=uid=replicator.+\+realm=[MY REALM]"
----- s n i p -----

When starting master slapd, I get:

----- s n i p -----
Error: a bind method of "kerberos" was
specified in the slapd configuration file.
slurpd no longer supports Kerberos.
----- s n i p -----

But if I'm using 'bindmethod=sasl', then I can't use a keytab...?

-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden