Hi,
I've been struggling to get openldap21 to work as a replacement for
NIS, authenticating against Kerberos using cyrus-sasl2 for quite some
time. I'd been following Turbo's HOWTO, but that is for openldap20,
cyrus-sasl1 and generally there are a number of inconsistencies. Could
anybody provide me with anywhere to look for setting this up? I get to
the stage where I get:

    ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

when I try and authenticate, yet I know cyrus-sasl2 works perfectly for
talking to Kerberos as I have tested it with the sample-{server|client}
software.

I have tried to keep the settings as simple as possible and ldapsearch
-x with manager shows the following:

    # lewiz.org
    dn: dc=lewiz,dc=org
    dc: lewiz
    objectClass: top
    objectClass: domain

    # People, lewiz.org
    dn: ou=People,dc=lewiz,dc=org
    ou: People
    objectClass: top
    objectClass: organizationalUnit

    # lewiz, People, lewiz.org
    dn: uid=lewiz,ou=People,dc=lewiz,dc=org
    uid: lewiz
    cn: Lewis Thompson
    objectClass: account
    objectClass: top
    objectClass: krb5Principal
    krb5PrincipalName: lewiz@LEWIZ.ORG

I'm sure I've done something wrong and any help would be greatly
appreciated :)

Thanks very much,
-lewiz.
--
You have acquired a scroll entitled 'irk gleknow mizk'(n).--More--
This is an IBM Manual scroll.--More--
You are permanently confused.
-- Dave Decot
------------------------------------------------------------------------
-| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |-