[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
GSSAPI not in supportedSASLMechanism
Hi,
I am trying to configure OpenLdap 2.0.15 on HP-UX
10.20 with GSSAPI as the authentication mechanism. I
have Kerberos krb5-1.2.2 installed and it works fine,
( i mean i can use kadmin, ktadd, ktrem, kinit, klist,
kdestroy successfully). I have cyrus-sasl-1.5.27
installed and its sample client and sample server test
passes successfully selecting GSSAPI as the best
mechanism. I also have ldbm version db-4.0.14
installed. While configuring OpenLdap , when i run
make test , i donot see GSSAPI as the
supportedSASLmechanism. I get PLAIN, SIMPLE,
ANONYMOUS, CRAM-MD5 and DIGEST-MD5 as the supported
mechanisms. All tests pass successfully.
After installing OpenLdap i can add and remove
entries, however when i execute the following command.
%> ldapsearch -x -s base -b ""
supportedSASLMechanisms
i get the following output.
-----------------------------------------------------------------------------
version: 2
#
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--------------------------------------------------------------------------------
I cant understand why GSSAPI is not listed as a
supportedSASLmechanism. ?
I configured OpenLdap with the following options:
%> ./configure --with-cyrus-sasl --with-kerberos
--with-tls --enable-slapd --enable-crypt
--enable-kpasswd --enable-spasswd --enable-ldbm
--enable-cleartext --enable-debug.
Can anybody provide some information, why GSSAPI is
missing as a mechanism for LDAP.
My ldap.conf file is as follows.
----------------------------------------------------------------------------------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v
1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration
options.
# This file should NOT be world readable.
#
include
/usr/local/etc/openldap/schema/core.schema
include
/usr/local/etc/openldap/schema/cosine.schema
include
/usr/local/etc/openldap/schema/inetorgperson.schema
schemacheck off
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a
working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
access to * by * write
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
access to *
by * write
by * read
by * auth
by self write
by users read
by anonymous auth
# ldbm database definitions
#######################################################################
sasl-realm SCE.BRV.COM
sasl-host sce.BRV.com
sasl-secprops none
database ldbm
#suffix "dc=my-domain,dc=com"
suffix "o=MYLDAP,c=US"
#rootdn "cn=Manager,dc=my-domain,dc=com"
rootdn "cn=root,o=MYLDAP,c=US"
#rootdn "uid=root@MYLDAP.COM"
# Cleartext passwords, especially for the rootdn,
should
# be avoid. See slappasswd(8) and slapd.conf(5) for
details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running
slapd AND
# should only be accessible by the slapd/tools. Mode
700 recommended.
directory /usr/local/var/openldap-ldbm
# Indices to maintain
index objectClass eq
-----------------------------------------------------------------------------------------
Regards,
Shuva.//
__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/