
Re: GSSAPI Binds openldap 2.1.12



Hi,

"Derek T. Yarnell" <derek@cs.umd.edu> writes:

> On Wed, Jan 22, 2003 at 10:20:11PM +0100, Dieter Kluenter wrote:
>> Hi,
>> 
>> "Derek T. Yarnell" <derek@cs.umd.edu> writes:
>> 
[...]

>> sasl didn't get a ticket
>> You have logged in with kinit, have you?
>
> derek@queasy:~> klist
> Ticket cache: FILE:/tmp/krb5cc_2174_TauRRY
> Default principal: derek@CSIC.CS.UMD.EDU
>
> Valid starting     Expires            Service principal
> 01/22/03 13:51:19  01/22/03 23:47:37  krbtgt/CSIC.CS.UMD.EDU@CSIC.CS.UMD.EDU
>         renew until 01/22/03 23:47:37
> 01/22/03 13:51:25  01/22/03 23:47:37  ldap/queasy.csic.cs.umd.edu@CSIC.CS.UMD.EDU
>         renew until 01/22/03 23:47:37
>
>
> Kerberos 4 ticket cache: /tmp/tkt2174_Nd03NG
> Principal: derek@CSIC.CS.UMD.EDU
>
>   Issued              Expires             Principal
> 01/22/03 13:47:38  01/22/03 23:47:38  krbtgt.CSIC.CS.UMD.EDU@CSIC.CS.UMD.EDU
>
> --------
>
> So yeah, I got a ticket and it looks like I got an ldap ticket also.

Have you ever tested with ldapwhoami?

-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
dieter@marin:/usr/local/bin> ./ldapwhoami
SASL/GSSAPI authentication started
SASL username: dieter@AVCI.DE
SASL SSF: 56
SASL installing layers
dn:cn=dieter kluenter,ou=partner,ou=users,o=avci,c=de
Result: Success (0)
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-

If you don't get a positive result, you should double-check
saslRegexp. By the way, my saslRegexp differs from yours:
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
saslRegexp
    uid=(.*),cn=GSSAPI,cn=auth
    ldap:///ou=users,o=avci,c=de??sub?uid=$1
saslRegexp
    uid=(.*),cn=GSSAPI,cn=auth
    uid=$1,ou=users,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
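
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of how the two saslRegexp rules above turn a GSSAPI authentication DN into the directory DN that ldapwhoami prints. It assumes the behaviour documented in slapd.conf(5) and the Admin Guide (rules are tried in file order and stop at the first match; a search URL must return exactly one entry or the authentication DN is kept); the toy directory, the uid value "dieter" and the realm name OTHER.REALM are constructed.

```python
import re

# The two saslRegexp rules from the message, in file order.
RULES = [
    (r"uid=(.*),cn=GSSAPI,cn=auth", "ldap:///ou=users,o=avci,c=de??sub?uid=$1"),
    (r"uid=(.*),cn=GSSAPI,cn=auth", "uid=$1,ou=users,o=avci,c=de"),
]

# Constructed directory: entry DN -> uid value. The DN is the one ldapwhoami
# printed in the message; the uid value "dieter" is an assumption.
DIRECTORY = {"cn=dieter kluenter,ou=partner,ou=users,o=avci,c=de": "dieter"}


def rewrite(authn_dn, rules=RULES):
    """Return (rule_index, expanded replacement) for the first matching rule."""
    for i, (pattern, replacement) in enumerate(rules):
        m = re.search(pattern, authn_dn)
        if m:
            # Expand $1..$9 with the captured groups; later rules are not tried.
            out = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
            return i, out
    return None


def search(url, directory=DIRECTORY):
    """Resolve ldap:///base??sub?uid=value against the toy directory."""
    base, _attrs, _scope, flt = url[len("ldap:///"):].split("?")
    _attr, value = flt.split("=", 1)  # this model only understands uid=value
    return [dn for dn, uid in directory.items()
            if dn.endswith("," + base) and uid == value]


def map_authn_dn(authn_dn):
    """Return the DN the connection ends up bound as in this model."""
    hit = rewrite(authn_dn)
    if hit is None:
        return authn_dn              # no rule matched: DN stays as it is
    _, target = hit
    if not target.startswith("ldap:///"):
        return target                # direct DN replacement
    found = search(target)
    # Zero or several entries: the mapping fails and the authn DN is kept.
    return found[0] if len(found) == 1 else authn_dn
```

In this model the second rule is never consulted because both rules share one pattern, and a realm-qualified DN such as uid=dieter,cn=OTHER.REALM,cn=GSSAPI,cn=auth stays unmapped because (.*) also captures the realm component; a pattern of ([^,]*) keeps the capture to the user name.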