Re: GSSAPI not in supportedSASLMechanism
Likely the Cyrus's GSSAPI mechanism plugin is loading,
likely because of some unresolved dependency. Check
your logs.
Kurt
At 01:29 AM 2002-01-16, shuva brata deb wrote:
>Hi,
>
>I am trying to configure OpenLDAP 2.0.15 on HP-UX
>10.20 with GSSAPI as the authentication mechanism. I
>have Kerberos krb5-1.2.2 installed and it works fine
>(I mean I can use kadmin, ktadd, ktrem, kinit, klist,
>kdestroy successfully). I have cyrus-sasl-1.5.27
>installed and its sample client and sample server test
>passes successfully selecting GSSAPI as the best
>mechanism. I also have ldbm version db-4.0.14
>installed. While configuring OpenLDAP, when I run
>make test, I do not see GSSAPI as the
>supportedSASLmechanism. I get PLAIN, SIMPLE,
>ANONYMOUS, CRAM-MD5 and DIGEST-MD5 as the supported
>mechanisms. All tests pass successfully.
>
>
>After installing OpenLDAP I can add and remove
>entries, however when I execute the following command:
>
>
>%> ldapsearch -x -s base -b "" supportedSASLMechanisms
>
>I get the following output.
>
>
>-----------------------------------------------------------------------------
>
>version: 2
>
>#
># filter: (objectclass=*)
># requesting: supportedSASLMechanisms
>#
>
>#
>dn:
>supportedSASLMechanisms: LOGIN
>supportedSASLMechanisms: PLAIN
>supportedSASLMechanisms: ANONYMOUS
>supportedSASLMechanisms: DIGEST-MD5
>supportedSASLMechanisms: CRAM-MD5
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>--------------------------------------------------------------------------------
>
>
>I can't understand why GSSAPI is not listed as a
>supportedSASLmechanism?
>
>
>I configured OpenLDAP with the following options:
>
>%> ./configure --with-cyrus-sasl --with-kerberos --with-tls --enable-slapd --enable-crypt --enable-kpasswd --enable-spasswd --enable-ldbm --enable-cleartext --enable-debug
>
>
>Can anybody provide some information, why GSSAPI is
>missing as a mechanism for LDAP.
>
>
>My ldap.conf file is as follows.
>
>----------------------------------------------------------------------------------------
># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include /usr/local/etc/openldap/schema/core.schema
>include /usr/local/etc/openldap/schema/cosine.schema
>include /usr/local/etc/openldap/schema/inetorgperson.schema
>
>schemacheck off
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral ldap://root.openldap.org
>
>pidfile /usr/local/var/slapd.pid
>argsfile /usr/local/var/slapd.args
>
># Load dynamic backend modules:
># modulepath /usr/local/libexec/openldap
># moduleload back_ldap.la
># moduleload back_ldbm.la
># moduleload back_passwd.la
># moduleload back_shell.la
>
>#
># Sample Access Control
># Allow read access of root DSE
># Allow self write access
># Allow authenticated users read access
># Allow anonymous users to authenticate
>#
>access to * by * write
>#access to dn="" by * read
>#access to *
># by self write
># by users read
># by anonymous auth
>#
># if no access controls are present, the default is:
># Allow read by all
>#
># rootdn can always write!
>
>
>access to *
> by * write
> by * read
> by * auth
> by self write
> by users read
> by anonymous auth
>
>
># ldbm database definitions
>#######################################################################
>
>sasl-realm SCE.BRV.COM
>sasl-host sce.BRV.com
>sasl-secprops none
>
>database ldbm
>#suffix "dc=my-domain,dc=com"
>suffix "o=MYLDAP,c=US"
>#rootdn "cn=Manager,dc=my-domain,dc=com"
>rootdn "cn=root,o=MYLDAP,c=US"
>#rootdn "uid=root@MYLDAP.COM"
>
>
># Cleartext passwords, especially for the rootdn, should
># be avoid. See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
>rootpw secret
># The database directory MUST exist prior to running slapd AND
># should only be accessible by the slapd/tools. Mode 700 recommended.
>directory /usr/local/var/openldap-ldbm
># Indices to maintain
>index objectClass eq
>
>-----------------------------------------------------------------------------------------
>
>Regards,
>Shuva.//
>
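
The two checks discussed in this thread (which mechanisms the root DSE advertises, and whether a plugin has unresolved shared-library dependencies) can be scripted as below. This is an added example, not part of the original messages; it assumes a system where `ldd` is available, and the function names and the plugin path are placeholders.

```shell
#!/bin/sh
# Added example: diagnostics for a SASL mechanism missing from the root DSE.

# Constructed sample: abbreviated from the ldapsearch output quoted in the thread.
sample_rootdse() {
cat <<'EOF'
version: 2
# requesting: supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
EOF
}

# Read LDIF on stdin, print one advertised mechanism per line (sorted, unique).
# LDAP attribute names are case-insensitive, so compare in lower case.
advertised_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        sub(/[ \t\r]+$/, "", $2); print toupper($2) }' | sort -u
}

# Read LDIF on stdin, print each mechanism named in "$1" that is not advertised.
missing_mechs() {
    have=$(advertised_mechs)
    for m in $1; do
        printf '%s\n' "$have" | grep -Fqx "$m" || printf '%s\n' "$m"
    done
}

# Print the unresolved shared-library dependencies of the plugin file "$1".
# Exit status is 0 only when at least one dependency is unresolved.
unresolved_deps() {
    ldd "$1" 2>&1 | grep -i 'not found'
}

# Against a live server (commented out so the example runs offline):
#   ldapsearch -x -s base -b "" supportedSASLMechanisms | missing_mechs "GSSAPI"
#   unresolved_deps /path/to/sasl/plugins/GSSAPI_PLUGIN_FILE   # placeholder path
sample_rootdse | missing_mechs "GSSAPI DIGEST-MD5"
```
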