[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help with OpenLDAP as NIS replacement.

To: openldap-software@OpenLDAP.org
Subject: Re: Help with OpenLDAP as NIS replacement.
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Wed, 06 Aug 2003 08:16:41 +0200
In-reply-to: <20030802145759.GA91359@lewiz.org> (Lewis Thompson's message of "Sat, 2 Aug 2003 15:57:59 +0100")
References: <20030802145759.GA91359@lewiz.org>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

Hello,

Lewis Thompson <purple@lewiz.info> writes:

> Hi,
>
>   I've been struggling to get openldap21 to work as a replacement for
> NIS, authenticating against Kerberos using cyrus-sasl2 for quite some
> time.  I'd been following Turbo's HOWTO, but that is for openldap20,
> cyrus-sasl1 and generally there are a number of inconsistencies.  Could
> anybody provide me with anywhere to look for setting this up?  I get to
> the stage where I get:
>
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure: GSSAPI
> Failure: gss_accept_sec_context
>
> when I try and authenticate, yet I know cyrus-sasl2 works perfectly for
> talking to Kerberos as I have tested it with the sample-{server|client}
> software.

Did you set saslRegexp in slapd.conf?
Check the logfile for any errors while slapd is parsing the sasl
authentication string against an entry.

This are my settings

saslRegexp
     uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth
     ldap:///o=avci,c=de??sub?uid=$1 
saslRegexp
    uid=(.*),cn=avci.de,cn=GSSAPI,cn=auth
    uid=$1,o=avci,c=de


-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

References:
- Help with OpenLDAP as NIS replacement.
  - From: Lewis Thompson <purple@lewiz.info>

Prev by Date: Fw: help about ldap_bin_s()
Next by Date: access log for OpenLDAP
Index(es):
- Chronological
- Thread