RE: OpenLDAP with GSSAPI problem
> -----Original Message-----
> From: Shaick [mailto:shaick_mlist1@lycos.co.uk]
> Hello Howard,
>
> Thanks for your detailed email.
>
> The sample-client and sample-server are working fine with SASL GSSAPI.
> Here is the output of the sample server/client test:
> # ./sample-server -s host -p ../plugins/.libs
...
> # ./sample-client -s host -n krishna.kovaiteam.com -u arun-p
> ../plugins/.libs
...
> So the SASL GSSAPI is working fine. Is this correct?
Try again with "-s ldap" instead, since slapd is using the ldap service.
> So what else could be the problem? I think the configuration part?
>
> I did the following for gssapi test.
>
> 1. Modify "userPassword" in LDIF file as,
> userPassword: {KERBEROS}principal@REALM
This step is unnecessary for SASL/GSSAPI. Ignore whatever document you read
that told you to do it; that document is wrong.
> 2. Add the user in Kerberos REALM (say s001)
>
> 3. kinit s001
>
> 4. ./ldapsearch -Y GSSAPI -U s001
Don't use "-U s001"; the GSSAPI mechanism already knows what your Kerberos
username is since it's embedded in your TGT.
>
> Please let me know if I missed anything in these steps.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
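
The following is an added example, not part of the original message or of OpenLDAP. It checks a `klist` listing for the two things the reply relies on: a ticket for the `ldap/` service (rather than `host/`) and the client principal already embedded in the cache. The function names, the realm EXAMPLE.COM and the sample listings (MIT `klist` layout) are constructed assumptions.

```shell
#!/bin/sh
# Added example; the klist listings below are constructed sample data.

# has_service_ticket SERVICE FQDN: read `klist` output on stdin and succeed
# if the cache holds a ticket for SERVICE/FQDN@<any realm>.
has_service_ticket() {
    awk -v want="$1/$2@" '
        # The service principal is the last field of each ticket line.
        index($NF, want) == 1 { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# default_principal: print the client principal stored in the cache, i.e.
# the identity the GSSAPI mechanism uses without any -U option.
default_principal() {
    sed -n 's/^Default principal: //p'
}

# Constructed listing after testing only with "sample-client -s host".
KLIST_HOST_ONLY='Ticket cache: FILE:/tmp/krb5cc_0
Default principal: s001@EXAMPLE.COM

Valid starting     Expires            Service principal
01/01/04 10:00:00  01/01/04 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
01/01/04 10:01:00  01/01/04 20:00:00  host/krishna.kovaiteam.com@EXAMPLE.COM'

# Constructed listing after a successful "ldapsearch -Y GSSAPI" bind.
KLIST_AFTER_LDAP="$KLIST_HOST_ONLY
01/01/04 10:02:00  01/01/04 20:00:00  ldap/krishna.kovaiteam.com@EXAMPLE.COM"

# check_cache KLIST_TEXT FQDN: print a verdict, return 1 if no ldap/ ticket.
check_cache() {
    if printf '%s\n' "$1" | has_service_ticket ldap "$2"; then
        echo "ok: ldap/$2 ticket held by $(printf '%s\n' "$1" | default_principal)"
    else
        echo "missing: no ldap/$2 ticket; check the ldap/ principal and slapd keytab"
        return 1
    fi
}

check_cache "$KLIST_HOST_ONLY" krishna.kovaiteam.com || true
check_cache "$KLIST_AFTER_LDAP" krishna.kovaiteam.com
```

On a live client, pipe real output into the same function after the bind attempt, for example `klist | has_service_ticket ldap krishna.kovaiteam.com`.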