
RE: OpenLDAP with GSSAPI problem



-- On Aug 7, 10:54am, "Howard Chu" wrote:
> 
> As always, make sure you can get the Cyrus sample client and server working
> before you attempt to use SASL with OpenLDAP. In the case of GSSAPI, make
> sure your other Kerberized servers work first. Generally things fail here
> because:
>   1) slapd doesn't have access to the Kerberos keytab
>   2) the LDAP service key isn't present in the Kerberos keytab
>   3) the Kerberos realm that slapd is set for doesn't match the client's
> realm
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
-- End of excerpt from "Howard Chu" --

Having just spent a couple of days working on sasl+kerberos+slapd, I
can verify that it does work.  The Cyrus docs are required reading
(particularly cyrus-sasl-2.1.14/doc/gssapi.html, which describes
getting the sample server and client working with GSSAPI).  The only
real problem I had was with Sun's SEAM stuff interfering with the
compile of cyrus-sasl.
A


-- 
andrew.tristan@ucr.edu                Unix Systems Group UC, Riverside
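
The three failure causes listed in the quoted message can be checked mechanically before touching slapd. The script below is an added example, not part of the original thread or of the OpenLDAP or Cyrus SASL code; it assumes the plain `klist -k` output format of MIT Kerberos, and the host name, realm and keytab path in it are constructed placeholders.

```shell
#!/bin/sh
# Added example: checks for the three GSSAPI failure causes listed in the thread.
# Assumes plain MIT Kerberos `klist -k` output; host, realm and path are constructed.
# Real use (as the slapd account): keytab_readable /path/to/keytab &&
#   klist -k /path/to/keytab | classify_keytab "$(hostname -f)" CLIENT.REALM

# Cause 1: can the current user read the keytab file?
keytab_readable() {
    [ -r "$1" ]
}

# Print the principal column of `klist -k` output read from stdin.
# Entry lines start with a numeric KVNO; the three header lines do not.
list_principals() {
    awk '$1 ~ /^[0-9]+$/ { print $NF }'
}

# Causes 2 and 3: classify a keytab listing read from stdin.
# usage: classify_keytab <server-fqdn> <client-realm>
# prints: ok | no-ldap-key | wrong-host | realm-mismatch
classify_keytab() {
    want_host=$1 want_realm=$2
    result=no-ldap-key
    for p in $(list_principals); do
        case $p in
            ldap/*) ;;
            *) continue ;;
        esac
        rest=${p#ldap/}
        host=${rest%@*}
        realm=${p##*@}
        if [ "$host" != "$want_host" ]; then
            if [ "$result" = no-ldap-key ]; then result=wrong-host; fi
        elif [ "$realm" != "$want_realm" ]; then
            result=realm-mismatch
        else
            result=ok
            break
        fi
    done
    echo "$result"
}

# Constructed sample listing (not taken from any real host).
SAMPLE='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 host/ldap.example.com@EXAMPLE.COM
   3 ldap/ldap.example.com@EXAMPLE.COM'
printf '%s\n' "$SAMPLE" | classify_keytab ldap.example.com EXAMPLE.COM
```

The readability check only means something when run as the account slapd runs under, since a keytab readable by root alone is the usual form of the first failure.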