
Re: Small HOWTO about OpenLDAP2, SASL, Kerberos and SSL/TLS (Was: OpenLDAP2 and SASL/Kerberos)



Quoting Will Day <willday@rom.oit.gatech.edu>:

> One question I had about what you mentioned on the webpage was about the
> sasl gssapiv2 patch (#patch-sasl).  You mention:
> 
>    NOTE: According to a message on the openldap-software mailing list, this
>    was fixed some time ago in the CVS version of Cyrus SASL. So make sure
>    that you need the patch before applying it! The version of the file
>    plugins/gssapi.c in the cyrus-sasl source directory should be greater
>    than 1.39, that's when it was fixed. So if you have a version higher
>    than 1.39 you don't need to patch Cyrus-SASL.
> 
> I wasn't sure how to find the version of the file I have (this is the
> 1.5.24 tar from the ftp site); I didn't see a version number in the
> gssapi.c.

True enough, I didn't bother checking (that's what I meant by 'please review
it and mail me any irregularities' :).

If you are using the tarball from the FTP, then you need both patches. I assume
that the CVS version has a CVS number in it...

I'll update the HOWTO about that... Thanks.

> Also, for the "ldap_sasl_interactive_bind_s: Local error" error, I ran into
> the error in a different manner.  I wasn't specifying the FQDN hostname of
> the LDAP server, and it was defaulting to "localhost", for which it
> couldn't get a Kerberos ticket. :)  You might want to include something
> about that; it took me several hours before I figured out what the heck was
> going on.

Specified the FQDN where?
Where did it default to localhost?
How did you solve it?

-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden
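
The revision check from the quoted HOWTO note, as an added example (not part of the original message or the HOWTO). It assumes a CVS checkout of plugins/gssapi.c carries an expanded `$Id$` keyword line; the function names are hypothetical, and 1.39 is the threshold quoted above.

```shell
#!/bin/sh
# Added example: decide whether plugins/gssapi.c still needs the GSSAPI patch
# by reading its RCS/CVS $Id$ keyword.
# Assumption: a CVS checkout has an expanded "$Id: gssapi.c,v <rev> ..." line.
# A release tarball may have none, which is reported as "unknown".

# Print the revision from the first expanded $Id$ keyword, or nothing.
gssapi_rev() {
    sed -n 's/.*\$Id: [^ ]*,v \([0-9][0-9.]*\) .*/\1/p' "$1" | head -n 1
}

# Return 0 if dotted revision $1 is strictly greater than $2.
# Fields are compared as integers, so 1.100 > 1.39 and 1.4 < 1.39.
rev_gt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "patched", "needs-patch" or "unknown" for the given gssapi.c.
patch_status() {
    rev=$(gssapi_rev "$1")
    if [ -z "$rev" ]; then
        echo unknown
    elif rev_gt "$rev" 1.39; then
        echo patched
    else
        echo needs-patch
    fi
}

# Stand-alone use: sh check-gssapi.sh plugins/gssapi.c
if [ $# -gt 0 ]; then
    patch_status "$1"
fi
```

An "unknown" result means the file has no revision keyword to compare, not that it is already fixed.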