[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Need SASL idiot-proof walkthrough
Hi,
Digant Kasundra <digant@uta.edu> writes:
> I have done the sample-server and sample-client and successfully got to the
> "Negotiation complete" part. But OpenLDAP is still giving me problems:
>
> do_sasl_bind: dn () mech GSSAPI
> SASL [conn=32] Failure: GSSAPI Error: Miscellaneous failure (see text)
> (Decrypt integrity check failed)
[...]
> (I do notice that the bind dn is "" which makes me think my sasl-regexp is
> fubar.)
>
> sasl-realm "KERB.UTA.EDU"
> sasl-host labrador.kerb.uta.edu
> sasl-regexp uid=(.*),cn=kerb.uta.edu,cn=gssapi,cn=auth
> ldap:///uid=$1,cn=people,dc=uta,dc=edu??sub
As I mentioned in my other mail, cyrus-sasl sometimes is quite case
sensitive. Either set sasl-realm to lower case, or define sasl realm
in your sasl-regexp in upper case.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de