[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: GSSAPI Binds openldap 2.1.12
Hi,
"Derek T. Yarnell" <derek@cs.umd.edu> writes:
> On Wed, Jan 22, 2003 at 10:20:11PM +0100, Dieter Kluenter wrote:
>> Hi,
>>
>> "Derek T. Yarnell" <derek@cs.umd.edu> writes:
>>
[...]
>> sasl didn't get a ticket
>> You have logged in with kinit, have you?
>
> derek@queasy:~> klist
> Ticket cache: FILE:/tmp/krb5cc_2174_TauRRY
> Default principal: derek@CSIC.CS.UMD.EDU
>
> Valid starting Expires Service principal
> 01/22/03 13:51:19 01/22/03 23:47:37 krbtgt/CSIC.CS.UMD.EDU@CSIC.CS.UMD.EDU
> renew until 01/22/03 23:47:37
> 01/22/03 13:51:25 01/22/03 23:47:37 ldap/queasy.csic.cs.umd.edu@CSIC.CS.UMD.EDU
> renew until 01/22/03 23:47:37
>
>
> Kerberos 4 ticket cache: /tmp/tkt2174_Nd03NG
> Principal: derek@CSIC.CS.UMD.EDU
>
> Issued Expires Principal
> 01/22/03 13:47:38 01/22/03 23:47:38 krbtgt.CSIC.CS.UMD.EDU@CSIC.CS.UMD.EDU
>
> --------
>
> So yeah, I got a ticket and it looks like i got a ldap ticket also.
Have you ever tested with ldapwhoami ?
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
dieter@marin:/usr/local/bin> ./ldapwhoami
SASL/GSSAPI authentication started
SASL username: dieter@AVCI.DE
SASL SSF: 56
SASL installing layers
dn:cn=dieter kluenter,ou=partner,ou=users,o=avci,c=de
Result: Success (0)
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
If you don't get a positive result, you should doublecheck
saslRegexp. By the way, my saslRegexp differs from yours
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
saslRegexp
uid=(.*),cn=GSSAPI,cn=auth
ldap:///ou=users,o=avci,c=de??sub?uid=$1
saslRegexp
uid=(.*),cn=GSSAPI,cn=auth
uid=$1,ou=users,o=avci,c=de
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour