
GSSAPI not in supportedSASLMechanism



Hi,

I am trying to configure OpenLDAP 2.0.15 on HP-UX
10.20 with GSSAPI as the authentication mechanism. I
have Kerberos krb5-1.2.2 installed and it works fine
(I mean I can use kadmin, ktadd, ktrem, kinit, klist,
kdestroy successfully). I have cyrus-sasl-1.5.27
installed and its sample client and sample server test
passes successfully, selecting GSSAPI as the best
mechanism. I also have ldbm version db-4.0.14
installed. While configuring OpenLDAP, when I run
make test, I do not see GSSAPI as the
supportedSASLmechanism. I get PLAIN, SIMPLE,
ANONYMOUS, CRAM-MD5 and DIGEST-MD5 as the supported
mechanisms. All tests pass successfully.


After installing OpenLDAP I can add and remove
entries; however, when I execute the following command:


%>  ldapsearch -x -s base -b "" supportedSASLMechanisms

I get the following output.
  

-----------------------------------------------------------------------------

version: 2

#
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms 
#

#
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
 
--------------------------------------------------------------------------------


I can't understand why GSSAPI is not listed as a
supportedSASLmechanism.


I configured OpenLDAP with the following options:

%> ./configure --with-cyrus-sasl --with-kerberos --with-tls --enable-slapd --enable-crypt --enable-kpasswd --enable-spasswd --enable-ldbm --enable-cleartext --enable-debug


Can anybody provide some information on why GSSAPI is
missing as a mechanism for LDAP?


My ldap.conf file is as follows.

----------------------------------------------------------------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

schemacheck    off

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/local/libexec/openldap
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

#
# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
access to * by * write
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default is:
#       Allow read by all
#
# rootdn can always write!


access to *
              by * write
              by * read
              by * auth
              by self write
              by users read
              by anonymous auth


# ldbm database definitions
#######################################################################

sasl-realm          SCE.BRV.COM
sasl-host           sce.BRV.com
sasl-secprops       none

database        ldbm
#suffix         "dc=my-domain,dc=com"
suffix          "o=MYLDAP,c=US"
#rootdn         "cn=Manager,dc=my-domain,dc=com"
rootdn          "cn=root,o=MYLDAP,c=US"
#rootdn         "uid=root@MYLDAP.COM"


# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /usr/local/var/openldap-ldbm
# Indices to maintain
index   objectClass     eq

-----------------------------------------------------------------------------------------

Regards,
Shuva.//
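
An added example, not part of the original post: a small shell check that reads the LDIF returned by the root DSE search shown above and reports whether a given SASL mechanism is advertised. The function names `list_mechs`, `has_mech` and `check_mech` are hypothetical, and `SAMPLE_LDIF` is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the root DSE output quoted in the post above.
SAMPLE_LDIF='version: 2

dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

# search result
search: 2
result: 0 Success'

# list_mechs: read ldapsearch LDIF on stdin, print one mechanism per line.
# First awk unfolds LDIF continuation lines (a leading single space);
# second awk matches the attribute name case-insensitively.
list_mechs() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | awk -F': *' '
        tolower($1) == "supportedsaslmechanisms" {
            v = $2; sub(/[ \t\r]+$/, "", v); print toupper(v)
        }'
}

# has_mech MECH: exit 0 if MECH is among the mechanisms read from stdin.
has_mech() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    list_mechs | grep -Fqx "$want"
}

# check_mech MECH: one-line verdict for the embedded sample.
check_mech() {
    if printf '%s\n' "$SAMPLE_LDIF" | has_mech "$1"; then
        echo "$1: advertised"
    else
        echo "$1: NOT advertised"
    fi
}

# Live use (command from the post):
#   ldapsearch -x -s base -b "" supportedSASLMechanisms | has_mech GSSAPI
check_mech GSSAPI
check_mech DIGEST-MD5
```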
