|
Good morning list,
I have been working on implementing an OpenLDAP
solution for quite a while now and everything was working OK. However I
have had cause to recompile all my software due to some problems I had when I
installed a Solaris 8 Patch Cluster which broke all the OpenLDAP
stuff.
The following packages are installed in
/usr/local:
MIT Kerberos
(1.2.8)
Cyrus-SASL (2.1.15) (with a
symlink to /usr/local/lib/sasl2 in /usr/lib)
OpenLDAP (2.1.22)
Berkerkley DB is installed in /usr
I have now got everything up and running again,
e.g. Kerberos & OpenLDAP and I can get tickets from the Kerberos
server. I can also check the mechanisms that the LDAP server is supporting
(which includes GSSAPI), however I have an annoying problem that I hope someone
might be able to point me in the right direction with.
When I run ldapsearch with an SASL bind I get the
following error:
SASL/GSSAPI authentication
started
ldap_sasl_interactive_bind_s:
Internal (implementation specific) error (80)
additional info: SASL (-1): generic failure: GSSAPI Failure
(could not get major error message)
As you can see it is not very easy to understand
what is going on here due to the lack of error message.
In addition to this, when I am running slapd in
debug mode I can see the following:
do_sasl_bind: dn () mech
GSSAPI
SASL [conn=1] Failure: GSSAPI
Failure (could not get major error message)
I have through all the settings and everything
appears to be correct, e.g. server names and ports etc. One interesting
thing is that before I have been able to see the Kerberos ticket translated into
an LDAP DN (through the regexp in the slapd.conf file) but I am now not seeing
this. I do not know if this is related or not.
Has anyone got any ideas on this one? I
would be most grateful for anything (getting the error message would be a
start).
Thanks very much in advance.
Regards, Russell Seymour
|