[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: can I use a kerberos ticket with ldapsearch (and ldap libraries)
On Sat, 2002-04-13 at 07:29, Michael Torrie wrote:
> Okay, I'm getting closer. I'm able to do a kinit on my root@MYDOMAIN
> principal. Then I run:
>
> ldapsearch -h myhost.mydomain.com -p 389 -I -b "" -s base -LLL
> supportedSASLMechanisms
>
> I get an error:
>
> ldap_sasl_interactive_bind_s: Unknown error
> additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure;
> Permission denied;
>
> This is better then the last error, which was the generic local error.
>
I struggled with this quite a few hours, it turned out that slapd
running as the user ldap didnt have read permissions for my keytab
(etc/krb5.keytab).
Another question.. when I get my kerberos ticket for
noselasd@FIANE.INTRA , and bind to ldap with sasl which
dn am I bound as?
--
Nils Olav Selåsdal <NOS@Utel.no>
System Developer, UtelSystems a/s
w w w . u t e l s y s t e m s . c o m