A short time ago, at a computer terminal far, far away, Turbo Fredriksson wrote:
>> Also, for the "ldap_sasl_interactive_bind_s: Local error" error, I ran into
>> the error in a different manner. I wasn't specifying the FQDN hostname of
>> the LDAP server, and it was defaulting to "localhost", for which it
>> couldn't get a kerberos ticket. :) You might want to include something
>> about that; it took me several hours before I figured out what the heck was
>> going on.
>
>Specified the FQDN where?
>Where did it default to localhost?
>How did you solve it?

I guess the issue wasn't FQDN, per se - just that I wasn't specifying a
hostname at all for the LDAP server. I was using, for instance:

    ldapmodify -f tmp.ldif

which reported "ldap_sasl_interactive_bind_s: Local error". Specifying the
hostname for the LDAP server solved it:

    ldapmodify -h ldap.oit.gatech.edu -f tmp.ldif

Prior to setting up sasl/gssapi, doing a simple bind with admin password
worked, and it appeared to be talking to port 389 on "localhost", as we had
not specified a hostname for the LDAP server in ldap.conf, nor on the command
line. I'm guessing that this fails with sasl/gssapi because it is unable to
get a kerberos service ticket for "ldap/localhost".

--
Will Day <PGP mail preferred>      OIT / O&E / Technical Support
willday@rom.oit.gatech.edu         Georgia Tech, Atlanta 30332-0715
  -> Opinions expressed are mine alone and do not reflect OIT policy <-
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    Benjamin Franklin, Pennsylvania Assembly, Nov. 11, 1755
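
The failure described in the message above, as an added example (not part of the original post and not OpenLDAP code): a shell check that predicts which "ldap/<host>" service principal a SASL/GSSAPI bind would ask for, given an ldap.conf-style file and an optional -h host. The function names are hypothetical; the precedence used (command-line host, then URI, then HOST, then "localhost") is an assumption, and environment variables, ~/.ldaprc and DNS canonicalization are not modelled.

```sh
#!/bin/sh
# Added example; function names are hypothetical, precedence is an assumption.

# effective_ldap_host CONF [CLI_HOST]
# Prints the host the client would contact: CLI_HOST if given, else the host
# of the first URI line in CONF, else the first HOST line, else "localhost".
effective_ldap_host() {
    conf=$1
    cli_host=${2:-}
    if [ -n "$cli_host" ]; then
        printf '%s\n' "$cli_host"
        return 0
    fi
    host=
    if [ -r "$conf" ]; then
        host=$(awk '
            toupper($1) == "URI" && uri == "" {
                h = $2
                sub("^[a-zA-Z]+://", "", h)   # strip the scheme
                sub("[:/].*$", "", h)         # strip port and path
                uri = h
            }
            toupper($1) == "HOST" && legacy == "" {
                h = $2; sub(":.*$", "", h); legacy = h
            }
            END { print (uri != "" ? uri : legacy) }
        ' "$conf")
    fi
    printf '%s\n' "${host:-localhost}"
}

# gssapi_spn_check CONF [CLI_HOST]
# Prints "ldap/<host>" and returns 1 when <host> is a loopback name, the case
# in which the bind would need a ticket for "ldap/localhost".
gssapi_spn_check() {
    h=$(effective_ldap_host "$1" "${2:-}")
    printf 'ldap/%s\n' "$h"
    case $h in
        localhost|localhost.*|127.*) return 1 ;;
    esac
    return 0
}

# Constructed sample: an ldap.conf with no URI or HOST, as in the report above.
sample=$(mktemp)
printf '# constructed sample\nBASE dc=example,dc=org\n' > "$sample"
gssapi_spn_check "$sample" || echo "no LDAP host configured: pass -h <fqdn>"
gssapi_spn_check "$sample" ldap.example.org
rm -f "$sample"
```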