
Re: {KERBEROS} plain binding



Hi Jerry!

Sorry that I can't help you at the moment (at work this works - but currently I'm at home). But I've got here a link to a good document, which helped me a lot:

http://www.bayour.com/LDAPv3-HOWTO.html

Maybe you'll find the answer there...

Good Luck!


Chris


Jerry Haltom wrote:
I am trying to get {KERBEROS}principal pass thru authentication to work,
with no luck whatsoever.

I can successfully kinit as the principal, with the same password as I
am trying for the below command.

ldapsearch -H ldaps://fqdnofhost -D "uid=jhaltom,ou=users,dc=<mydc>" -x -W

The following lines are in my slapd.conf.

srvtab          /etc/krb5.keytab
sasl-realm      <capital kerberos realm>
sasl-host       <fqdn of kerberos host, same as slapd host>

The userPassword of the object I am trying to bind (-D) as is
{KERBEROS}principlename@REALM

The keytab referred to in the srvtab line exists, and I have added
ldap/fqdnofhost@REALM to it.

I am totally out of ideas how to get this to work.

Plain authentication is required because I am going to be using the
Courier IMAP daemon, which cannot use Kerberos as an authentication
store, but can use LDAP.  All communication to ldap WILL be over TLS/SSL
so I am fine with the security.

I CAN kinit as the same principal as above, and successfully issue:

ldapsearch -x -W ''

Returning all records in the database.

Thanks for the help in advance

Jerry Haltom