[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)



On Sat, 2002-04-13 at 07:29, Michael Torrie wrote:
> Okay, I'm getting closer.  I'm able to do a kinit on my root@MYDOMAIN
> principal.  Then I run:
> 
> ldapsearch -h myhost.mydomain.com -p 389 -I -b "" -s base -LLL
> supportedSASLMechanisms
> 
> I get an error:
> 
> ldap_sasl_interactive_bind_s: Unknown error
> 	additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure;
> Permission denied;
> 
> This is better then the last error, which was the generic local error.
> 
I struggled with this quite a few hours, it turned out that slapd
running as the user ldap didnt have read permissions for my keytab
(etc/krb5.keytab).

Another question.. when I get my kerberos ticket for
noselasd@FIANE.INTRA , and bind to ldap with sasl which
dn am I bound as?


-- 
Nils Olav Selåsdal <NOS@Utel.no>
System Developer, UtelSystems a/s
w w w . u t e l s y s t e m s . c o m