Re: OpenLDAP with GSSAPI problem
Quoting "Shaick" <shaick_mlist1@lycos.co.uk>:
> I have a problem getting OpenLDAP 2.1.21 to work with the Cyrus-SASL 2.1.10
> GSSAPI mechanism.
>
> Can you please give the steps to configure it (slapd.conf, ldap.conf, and
> a sample LDIF, if any special entries are needed for GSSAPI)?
>
> sasl-regexp
> uid=(.*),cn=gssapi,cn=auth
> ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)
>
> test.ldif
> --snip--
> dn: cn=shs+uid=s001,dc=team,dc=com
> cn: shs
> uid: s001
> ou: Development
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> facsimileTelephoneNumber: +1 313 764 5140
> mail: shs@krishna.team.com
> sn: shs
> userPassword: {KERBEROS}principal@REALM
If you're using the sasl-regexp above, you'd need the objectclass
'krb5Principal' and the attribute 'krb5PrincipalName' like this:
----- s n i p -----
objectClass: krb5Principal
krb5PrincipalName: principal@REALM
----- s n i p -----
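
An added sketch, not part of the original thread or of OpenLDAP's code, that models in Python how the sasl-regexp quoted above turns a GSSAPI authentication DN into a search, and why only the entry carrying krb5PrincipalName is found. The sample entries are constructed from the ones in the thread; the regex and filter handling are a simplification of what slapd does.

```python
import re

# The sasl-regexp pair from the question (match pattern, replacement URL).
SASL_REGEXP = (r"uid=(.*),cn=gssapi,cn=auth",
               "ldap:///dc=team,dc=com??sub?(krb5PrincipalName=$1@REALM)")

# Constructed sample entries: a shortened copy of the posted entry, and the
# same entry with the two lines from the reply appended.
POSTED = """dn: cn=shs+uid=s001,dc=team,dc=com
cn: shs
uid: s001
objectClass: inetOrgPerson
userPassword: {KERBEROS}principal@REALM
"""
FIXED = POSTED + "objectClass: krb5Principal\nkrb5PrincipalName: principal@REALM\n"

def parse_ldif(text):
    """Parse one simple LDIF record (no base64, no folded lines) into a dict."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, value = line.partition(": ")
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def rewrite(authn_dn, rule=SASL_REGEXP):
    """Map a SASL authentication DN to the LDAP search URL, or None if no match."""
    m = re.fullmatch(rule[0], authn_dn, re.IGNORECASE)
    return rule[1].replace("$1", m.group(1)) if m else None

def resolve(authn_dn, entries):
    """Return the DNs under the search base that satisfy the equality filter."""
    url = rewrite(authn_dn)
    if url is None:
        return []
    base, _attrs, _scope, flt = url[len("ldap:///"):].split("?")
    attr, _, value = flt.strip("()").partition("=")
    return [e["dn"][0] for e in entries
            if e["dn"][0].lower().endswith(base.lower())
            and value in e.get(attr.lower(), [])]

if __name__ == "__main__":
    dn = "uid=principal,cn=gssapi,cn=auth"
    print(rewrite(dn))
    print("posted entry:", resolve(dn, [parse_ldif(POSTED)]))
    print("with krb5PrincipalName:", resolve(dn, [parse_ldif(FIXED)]))
```

The userPassword value alone never satisfies the filter; slapd accepts the mapping only when the search returns exactly one entry.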