difficulties running slapd as non-root and sasl

I can only use sasl-gssapi with openldap if I run slapd as root.
If I run it as a regular user (ldap), sasl-gssapi won't work,
even with a world-readable /etc/krb5.keytab. I get different
errors:

This happens with a 0600 krb5.keytab which slapd can't read. That's expected.

$ ldapsearch -LLL uid=bla
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied;

Now I have a 666 krb5.keytab file, just for testing:

$ ldapsearch -LLL uid=bla
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; Permission denied in replay cache code;

If I run slapd as root, then it works... (and yes, /etc/openldap/slapd.conf is
readable by the ldap user).

Any clues?