[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Problems with OpenLDAP 2.1.4 and Kerberos
- To: "Howard Chu" <hyc@symas.com>, <openldap-software@OpenLDAP.org>
- Subject: RE: Problems with OpenLDAP 2.1.4 and Kerberos
- From: "Anthony Brock" <abrock@georgefox.edu>
- Date: Thu, 19 Sep 2002 12:36:52 -0700
- Content-class: urn:content-classes:message
- Thread-index: AcJgC6fh3ik7hpp8Tgq4/Nk37T5u0AAB4g+g
- Thread-topic: Problems with OpenLDAP 2.1.4 and Kerberos
Hmmm,
Setting the debug flag to -1 didn't appears to increase the output.
Thanks for the information concerning the "-I" flag. I was under a
different impression from the LDAP-Kerberos HOWTO.
Could this be an issue with our Active Directory setup? I'm intrigued by
the suggestion concerning the ldap/host@realm ticket (basically, I'm
grasping at straws).
Also, does anyone know how to better troubleshoot the SASL libraries? I
again tried the sample programs included with SASL v2, and they appeared
to work fine. Of course, this was when connecting to a UNIX server, not
a W2K server.
Tony
Anthony Brock
Director of Network Services
George Fox University
E-Mail: abrock@georgefox.edu
Phone: (503) 554-2579
FAX: (503) 554-3834
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Thursday, September 19, 2002 11:38 AM
To: Anthony Brock; openldap-software@OpenLDAP.org
Subject: RE: Problems with OpenLDAP 2.1.4 and Kerberos
The "-I" flag is superfluous for the GSSAPI mechanism, all the relevant
information comes from your Kerberos credentials.
Setting your debug level up to -1 may show you more about what SASL is
doing,
I don't recall where the SASL log is directed at the moment.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support