GSSAPI, OpenLDAP 2.0.21 and core dump
I am trying to build a V3-compliant OpenLDAP server on a Sun Solaris 8
UltraSparc E250 using Sun WorkShop 5.
I have a working Kerberos infrastructure based on MIT 1.2.3, and have
downloaded and installed both the Sleepycat DB 3.3 and the Cyrus SASL
1.5.27. After much pain and suffering, I have successfully confirmed that
the SASL library is working properly against the Kerberos (using the sample
client and server).
However, after building and compiling OpenLDAP against SASL, I am
attempting to use the "OpenLDAP, OpenSSL, SASL and Kerberos V HOWTO"
document as a guide. The daemons appear to work at first:
*****
$ klist
Ticket cache: /tmp/krb5cc_100
Default principal: abrock@GEORGEFOX.EDU
Valid starting            Expires                   Service principal
Wed Jan 30 14:30:38 2002  Wed Jan 30 17:01:14 2002  krbtgt/GEORGEFOX.EDU@GEORGEFOX.EDU
Wed Jan 30 14:38:32 2002  Wed Jan 30 17:01:14 2002  ldap/scripts.georgefox.edu@GEORGEFOX.EDU
$ ldapsearch -L -h scripts.georgefox.edu -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
$
*****
However, when I attempt the following command I see a core dump:
*****
$ ldapsearch -L -h scripts.georgefox.edu -I -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL Interaction
Please enter your authorization name: abrock
ldap_sasl_interactive_bind_s: Can't contact LDAP server
$
*****
Any attempts to use the "-H ldap://scripts.georgefox.edu/" or "-H
ldaps://scripts.georgefox.edu/" notation result in:
*****
$ ldapsearch -L -H ldap://scripts.georgefox.edu/ -x -b "" -s base -LLL -ZZ supportedSASLMechanisms
ldap_start_tls: Connect error
additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
$ ldapsearch -L -H ldaps://scripts.georgefox.edu/ -x -b "" -s base -LLL supportedSASLMechanisms
ldap_bind: Can't contact LDAP server
additional info: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
$
*****
I believe this may be a certificate problem, though queries work correctly
from within Netscape's addressbook.
Please advise as I am stumped. I can live with the certificate mystery for
the moment. However, I REALLY need the Kerberos to work!
Thanks in advance!
Tony
******************************************************************************
* Anthony Brock abrock@georgefox.edu *
* Director of Network Services George Fox University *
******************************************************************************