ldapsearch gives authentication error under AIX 5.1
Hello everyone,
I'm trying to connect to a W2k LDAP server with the SASL GSSAPI method under AIX 5.1.
Because I'm not able to use RPMs under AIX, I have to do it all by compiling the tarballs.
Here is what I've done so far:
- Compiled and installed gdbm-1.8.3, which I use as the ldbm backend. This worked without any complications (./configure && make && make install)
- Compiled and installed tcl8.4.2, which is needed by Kerberos (am I wrong about this?)
- Compiled and installed MIT Kerberos (krb5-1.2.6) without any problems (just configure && make && make install)
- Did the same with OpenSSL (openssl-0.9.7a)
- Compiling the Cyrus SASL (cyrus-sasl-1.5.28) was a little bit more tricky than I thought:
    env CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/include/gssapi/ -I/usr/local/include/ -I/usr/local/include/kerberosIV/" \
        LDFLAGS=" -L/usr/local/ssl/lib -L/usr/local/lib/ -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
        ./configure --enable-shared --enable-gssapi --enable-krb4
    make && make install (without problems)
- Compiling OpenLDAP (openldap-2.0.27) was a great deal of head-scratching and hair-pulling:
    env CPPFLAGS="-I/usr/local/ssl/include -I/usr/include/sasl -I/usr/local/include/" \
        LDFLAGS=" -L/usr/local/ssl/lib -L/usr/local/lib/ -lpam -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
        ./configure --enable-ldbm --with-ldbm-api=gdbm --disable-shared --with-ssl --with-kerberos --with-tls \
        --with-cyrus-sasl --prefix=/usr --sysconfdir=/etc --enable-slapd \
        --enable-kpasswd --enable-spasswd --enable-kbind
Because of a bug (I've read about it on the internet) I had to change the ./include/portable.h file before doing a "make":
    #define HAVE_GETADDRINFO 1 -> #undef HAVE_GETADDRINFO
The "make test" passed without a single error.
Before I started using ldapsearch to test the connection to the LDAP server, I got a Kerberos ticket via "kinit <usr>@<realm>", which worked fine.
But now if I try to run an ldapsearch (ldapsearch -h myldapserver -p 389 -d 5) I get the following error:
ldap_interactive_sasl_bind_s: server supports: GSSAPI GSS-SPNEGO
ldap_int_sasl_bind: GSSAPI GSS-SPNEGO
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method
I think that I've done everything (yes, I had to read through a lot of man pages, web pages and mailing lists to come this close to the solution), but now I can't make any further progress.
So any tips or tricks would rock!
Thank you very much!
____________________________________________________
Stefan Rothenbühler, Informatik
V-ZUG AG