
RE: ldap in heterogenous environment




ldapsearch -Y gssapi -ZZ -H ldap://ldap.full.domain.com -s base -b "" "+"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context


"Could someone please elucidate" ...

I'm fairly sure it has something to do with hostnames, CAs (CNs?
DNs?) or identification. Exactly what - who the heck knows - there
really aren't any clear error messages.  I've used truss, slapd -d 1,
read mail group archives, searched the net... nothing.  nada.

Scott





-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl]
Sent: Monday, April 21, 2003 10:58 AM
To: Howard Chu
Cc: walter+openldap@efrei.fr; openldap-software@OpenLDAP.org
Subject: RE: ldap in heterogenous environment

On Sun, 20.04.2003 at 16.36, Howard Chu wrote:

> This has been discussed here before. The solution that we recommend is to use
> Heimdal with PADL's hdb-ldap backend and Symas' patches. (Not all of the
> patches were present in Heimdal 0.5.2 so it seems you still have to apply
> some by hand.) This approach gives the tightest integration, putting the
> Kerberos user database in LDAP itself.

I'm now totally confused. At the last count, I seem to remember reading
(without going back to it) that you said that Heimdal had bugs that made
it more or less useless and that one should use MIT Kerberos. Previously
I'd heard that MIT Kerberos was totally useless and that Heimdal was the
solution.

Could someone please elucidate?

Tony

--

Tony Earnshaw

Do not come to visit me with both arms the same length.

e-mail:         tonni@billy.demon.nl
www:            http://www.billy.demon.nl


