I am trying to get {KERBEROS}principal pass-thru authentication to work,
with no luck whatsoever.
I can successfully kinit as the principal, with the same password as I
am trying for the below command.
ldapsearch -H ldaps://fqdnofhost -D "uid=jhaltom,ou=users,dc=<mydc>" -x -W
The following lines are in my slapd.conf.
srvtab /etc/krb5.keytab
sasl-realm <capital kerberos realm>
sasl-host <fqdn of kerberos host, same as slapd host>
The userPassword of the object I am trying to bind (-D) as is
{KERBEROS}principlename@REALM
The keytab referred to in the srvtab line exists, and I have added
ldap/fqdnofhost@REALM to it.
I am totally out of ideas how to get this to work.
Plain authentication is required because I am going to be using the
Courier IMAP daemon, which cannot use Kerberos as an authentication
store, but can use LDAP. All communication to LDAP WILL be over TLS/SSL
so I am fine with the security.
I CAN kinit as the same principal as above, and successfully issue:
ldapsearch -x -W ''
Returning all records in the database.
Thanks for the help in advance.
Jerry Haltom