
Re: GSSAPI not in supportedSASLMechanism



At 06:11 PM 2002-01-16, Kurt D. Zeilenga wrote:
>Likely the Cyrus's GSSAPI mechanism plugin is loading,

s/is/is not/

sorry.

>likely because of some unresolved dependency.  Check
>your logs.
>
>Kurt
>
>At 01:29 AM 2002-01-16, shuva brata deb wrote:
>>Hi,
>>
>>I am trying to configure OpenLDAP 2.0.15 on HP-UX
>>10.20 with GSSAPI as the authentication mechanism. I
>>have Kerberos krb5-1.2.2 installed and it works fine
>>(I mean I can use kadmin, ktadd, ktrem, kinit, klist,
>>kdestroy successfully). I have cyrus-sasl-1.5.27
>>installed and its sample client and sample server test
>>passes successfully, selecting GSSAPI as the best
>>mechanism. I also have ldbm version db-4.0.14
>>installed. While configuring OpenLDAP, when I run
>>make test, I do not see GSSAPI as the
>>supportedSASLmechanism. I get PLAIN, SIMPLE,
>>ANONYMOUS, CRAM-MD5 and DIGEST-MD5 as the supported
>>mechanisms. All tests pass successfully.
>>
>>
>>After installing OpenLDAP I can add and remove
>>entries; however, when I execute the following command:
>>
>>%> ldapsearch -x -s base -b "" supportedSASLMechanisms
>>
>>I get the following output.
>>  
>>
>>-----------------------------------------------------------------------------
>>
>>version: 2
>>
>>#
>># filter: (objectclass=*)
>># requesting: supportedSASLMechanisms 
>>#
>>
>>#
>>dn:
>>supportedSASLMechanisms: LOGIN
>>supportedSASLMechanisms: PLAIN
>>supportedSASLMechanisms: ANONYMOUS
>>supportedSASLMechanisms: DIGEST-MD5
>>supportedSASLMechanisms: CRAM-MD5
>>
>># search result
>>search: 2
>>result: 0 Success
>>
>># numResponses: 2
>># numEntries: 1
>> 
>>--------------------------------------------------------------------------------
>>
>>
>>I can't understand why GSSAPI is not listed as a
>>supportedSASLmechanism.
>>
>>
>>I configured OpenLdap with the following options:
>>
>>%> ./configure --with-cyrus-sasl --with-kerberos --with-tls --enable-slapd --enable-crypt --enable-kpasswd --enable-spasswd --enable-ldbm --enable-cleartext --enable-debug
>>
>>
>>Can anybody provide some information on why GSSAPI is
>>missing as a mechanism for LDAP?
>>
>>
>>My ldap.conf file is as follows.
>>
>>----------------------------------------------------------------------------------------
>># $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
>>#
>># See slapd.conf(5) for details on configuration options.
>># This file should NOT be world readable.
>>#
>>include         /usr/local/etc/openldap/schema/core.schema
>>include         /usr/local/etc/openldap/schema/cosine.schema
>>include         /usr/local/etc/openldap/schema/inetorgperson.schema
>>
>>schemacheck    off
>>
>># Define global ACLs to disable default read access.
>>
>># Do not enable referrals until AFTER you have a working directory
>># service AND an understanding of referrals.
>>#referral       ldap://root.openldap.org
>>
>>pidfile         /usr/local/var/slapd.pid
>>argsfile        /usr/local/var/slapd.args
>>
>># Load dynamic backend modules:
>># modulepath    /usr/local/libexec/openldap
>># moduleload    back_ldap.la
>># moduleload    back_ldbm.la
>># moduleload    back_passwd.la
>># moduleload    back_shell.la
>>
>>#
>># Sample Access Control
>>#       Allow read access of root DSE
>>#       Allow self write access
>>#       Allow authenticated users read access
>>#       Allow anonymous users to authenticate
>>#
>>access to * by * write
>>#access to dn="" by * read
>>#access to *
>>#       by self write
>>#       by users read
>>#       by anonymous auth
>>#
>># if no access controls are present, the default is:
>>#       Allow read by all
>>#
>># rootdn can always write!
>>
>>
>>access to *
>>              by * write
>>              by * read
>>              by * auth
>>              by self write
>>              by users read
>>              by anonymous auth
>>
>>
>># ldbm database definitions
>>#######################################################################
>>
>>sasl-realm          SCE.BRV.COM
>>sasl-host           sce.BRV.com
>>sasl-secprops       none
>>
>>database        ldbm
>>#suffix         "dc=my-domain,dc=com"
>>suffix          "o=MYLDAP,c=US"
>>#rootdn         "cn=Manager,dc=my-domain,dc=com"
>>rootdn          "cn=root,o=MYLDAP,c=US"
>>#rootdn         "uid=root@MYLDAP.COM"
>>
>>
>># Cleartext passwords, especially for the rootdn, should
>># be avoid.  See slappasswd(8) and slapd.conf(5) for details.
>># Use of strong authentication encouraged.
>>rootpw          secret
>># The database directory MUST exist prior to running slapd AND
>># should only be accessible by the slapd/tools. Mode 700 recommended.
>>directory       /usr/local/var/openldap-ldbm
>># Indices to maintain
>>index   objectClass     eq
>>
>>-----------------------------------------------------------------------------------------
>>
>>Regards,
>>Shuva.//
>>
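
Added example (not part of the thread, and not OpenLDAP or Cyrus SASL code): a small Python check that parses root DSE search output like the one quoted above and reports whether the mechanisms a deployment expects, here GSSAPI, are actually advertised, along with any advertised mechanisms that carry the password itself (PLAIN, LOGIN). The names `advertised_mechanisms` and `audit` are made up for this illustration; the sample text is abridged from the output in the post.

```python
import re

# Sample input: abridged from the ldapsearch output quoted in the post.
SAMPLE = """\
version: 2

# requesting: supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

result: 0 Success
"""

# Mechanisms that send the password itself inside the SASL exchange.
CLEARTEXT = {"PLAIN", "LOGIN"}
ATTR = "supportedsaslmechanisms"


def advertised_mechanisms(ldif_text):
    """Return the supportedSASLMechanisms values, in order, from LDIF text."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    mechs = []
    for line in unfolded.splitlines():
        if line.startswith("#"):
            continue  # ldapsearch comment lines
        name, sep, value = line.partition(":")
        # Attribute names are case-insensitive; "::" marks a base64 value.
        if sep and name.strip().lower() == ATTR and not value.startswith(":"):
            mechs.append(value.strip().upper())
    return mechs


def audit(ldif_text, required=("GSSAPI",)):
    """Compare what the server advertises with what the deployment expects."""
    mechs = advertised_mechanisms(ldif_text)
    return {
        "advertised": mechs,
        "missing": [m for m in required if m.upper() not in mechs],
        "cleartext": sorted(CLEARTEXT.intersection(mechs)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against a live server by feeding it the text printed by the `ldapsearch -x -s base -b "" supportedSASLMechanisms` command from the post; a non-empty `missing` list is the symptom discussed in this thread.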