[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need SASL idiot-proof walkthrough



Hi,

Digant Kasundra <digant@uta.edu> writes:

> I have done the sample-server and sample-client and successfully got to the
> "Negotiation complete" part.  But OpenLDAP is still giving me problems:
>
> do_sasl_bind: dn () mech GSSAPI
> SASL [conn=32] Failure: GSSAPI Error: Miscellaneous failure (see text)
> (Decrypt integrity check failed)
[...]
> (I do notice that the bind dn is "" which makes me think my sasl-regexp is
> fubar.) 
>
> sasl-realm "KERB.UTA.EDU"
> sasl-host labrador.kerb.uta.edu
> sasl-regexp uid=(.*),cn=kerb.uta.edu,cn=gssapi,cn=auth
> ldap:///uid=$1,cn=people,dc=uta,dc=edu??sub

As I mentioned in my other mail, cyrus-sasl sometimes is quite case
sensitive. Either set sasl-realm to lower case, or define sasl realm
in your sasl-regexp in upper case.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de