
RE: Need SASL idiot-proof walkthrough





--On Friday, March 26, 2004 3:46 PM -0600 Digant Kasundra <digant@uta.edu> wrote:

I have done the sample-server and sample-client and successfully got to
the "Negotiation complete" part.  But OpenLDAP is still giving me
problems:

do_sasl_bind: dn () mech GSSAPI
SASL [conn=32] Failure: GSSAPI Error: Miscellaneous failure (see text)
(Decrypt integrity check failed)

The sasl tests work, kinit works, ???  I'm not sure what the problem could
be.  I do have an entry for dn: uid=digant,cn=people,dc=uta,dc=edu and my
slapd.conf file has the following:

(I do notice that the bind dn is "" which makes me think my sasl-regexp is
fubar.)

sasl-realm "KERB.UTA.EDU"
sasl-host labrador.kerb.uta.edu
sasl-regexp uid=(.*),cn=kerb.uta.edu,cn=gssapi,cn=auth
ldap:///uid=$1,cn=people,dc=uta,dc=edu??sub

This is definitely not a valid regexp.

First, run slapd as -d -1 and see what your bind instance is; that will probably help a bit.

Second, if you don't need to do a search down into the tree, which it looks like you don't, you could simply do:

sasl-regexp uid=(.*),cn=kerb.uta.edu,cn=gssapi,cn=auth uid=$1,cn=people,dc=uta,dc=edu

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
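
An offline check for a sasl-regexp rule, added here as an example and not part of either message: it applies a rule to the SASL DN read from the `-d -1` output and returns the DN it would be rewritten to. It assumes slapd does an unanchored, case-insensitive match and fills `$1` into the replacement; the function names, the sample DNs and the `[^,]*` variant are constructed for illustration.

```python
import re

def parse_directive(line):
    """Split 'sasl-regexp <match> <replacement>' into its two arguments."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "sasl-regexp":
        raise ValueError("expected: sasl-regexp <match> <replacement>")
    return parts[1], parts[2]

def map_sasl_dn(line, sasl_dn):
    """Return the rewritten DN, or None when the rule does not match.

    Assumption: unanchored, case-insensitive search; the result is the
    replacement string with $1..$9 taken from the capture groups.
    Python's re stands in for the server's regex library.
    """
    pattern, replacement = parse_directive(line)
    m = re.search(pattern, sasl_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

# Rule as given in the reply (direct DN, no LDAP search).
RULE_FROM_REPLY = ("sasl-regexp uid=(.*),cn=kerb.uta.edu,cn=gssapi,cn=auth "
                   "uid=$1,cn=people,dc=uta,dc=edu")
# Variant whose capture cannot span a comma (not from the thread).
RULE_STRICT = RULE_FROM_REPLY.replace("(.*)", "([^,]*)")

# Constructed inputs: the DN shape the rule expects, and one with an
# extra RDN between the uid and the realm.
SASL_DN = "uid=digant,cn=kerb.uta.edu,cn=gssapi,cn=auth"
ODD_DN = "uid=digant,cn=people,cn=kerb.uta.edu,cn=gssapi,cn=auth"

if __name__ == "__main__":
    for name, rule in (("reply", RULE_FROM_REPLY), ("strict", RULE_STRICT)):
        for dn in (SASL_DN, ODD_DN, ""):
            print(f"{name:6} {dn!r:60} -> {map_sasl_dn(rule, dn)!r}")
```

A `None` result means the rule never fired for that DN, so compare the DN string slapd logs for the bind against the match pattern before looking anywhere else.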