Re: Anonymously binding despite '-U ....' to ldapsearch
Quoting "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>:
> I suggest you use ldapwhoami(1) to determine what your
> authorization identity actually is. Note that some of
> the identity mapping stuff was changed. Namely,
> multi-valued RDNs are no longer used.
Much easier :)
This brings me to another issue. Using ldapwhoami as 'turbo'
with a ticket for 'turbo@BAYOUR.COM' shows the expected
DN. But doing it as root with the 'same' ticket (i.e. with
principal 'turbo@BAYOUR.COM') gives:
----- s n i p -----
majorskan:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: turbo@BAYOUR.COM
Valid starting     Expires            Service principal
02/26/03 15:44:37  02/27/03 01:44:35  krbtgt/BAYOUR.COM@BAYOUR.COM
02/26/03 15:48:48  02/27/03 01:44:35  ldap/majorskan.bayour.com@BAYOUR.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
majorskan:~# ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
----- s n i p -----