[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap using Active Directory Kerberos password

To: tuliol@sybatech.com
Subject: Re: Openldap using Active Directory Kerberos password
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Mon, 28 Jun 2004 07:45:02 -0400 (EDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1088169480.40dc26089ec46@portal.sybatech.com>
References: <1088025680.40d9f4502cbc5@portal.sybatech.com> <Pine.WNT.4.60.0406240854490.3476@SOFDL01.pnzchf.nq.hiz.rqh> <1088093529.40dafd590e441@portal.sybatech.com> <1088169480.40dc26089ec46@portal.sybatech.com>

On Fri, 25 Jun 2004 at 8:18am, tuliol@sybatech.com wrote:

> I got the OS to successfully used the MS AD kerberos password.
> Then I have the following in slapd.conf:

Good.

> userPassword: {KERBEROS}stest75@AD.INST.EDU
>
> Then when I try to do a bind using this account it fails.

Oops!  You want that to be {SASL}stest75@AD.INST.EDU.  You are having
OpenLDAP use SASL and the saslauthd program will use Kerberos.

Did you set up the /usr/lib/sasl2/slapd.conf file?  It should have the
"pwcheck_methid: saslauthd" line (possibly a "saslauthd_path:" directive
too)

Frank

> Any ideas?
>
> Tulio
>
>
> Quoting tuliol@sybatech.com:
>
> > Frank,
> > Thanks for your reply.  My OS (Redhat AS) currently is using local accounts
> > and
> > not kerberos.  Is that the first step?  How do I figure out what the Kerberos
> >
> > realm is for the MS AD?  Do you have instructions on how to configure slapd
> > to
> > use saslauth once the os is ready?
> >
> > Thanks again
> >
> > Quoting Frank Swasey <Frank.Swasey@uvm.edu>:
> >
> > > On Wed, 23 Jun 2004 at 4:21pm, tuliol@sybatech.com wrote:
> > >
> > > > I am trying to use the kerberos password found in Microsoft active
> > > > directory as the userPassword for my Openldap directory.  Has anybody
> > > > been sucessful in setting this up?
> > > >
> > > > Any help would be greatly apprectiated.
> > >
> > > Have you successfully configured your OS to use the MS AD Kerberos
> > > password?  If so, you should be able to configure it the same we several
> > > of us have to talk to either Heimdal or MIT K5 KDC's (using
> > > {SASL}principal@realm as the userPassword value and configuring slapd to
> > > use saslauthd).
> > >
> > > --
> > > Frank Swasey                    | http://www.uvm.edu/~fcs
> > > Systems Programmer              | Always remember: You are UNIQUE,
> > > University of Vermont           |    just like everyone else.
> > >          === God bless all inhabitants of your planet ===
> > >
> >
> >
> >
> >
> >
>
>
>
>

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
        === God bless all inhabitants of your planet ===

References:
- Openldap using Active Directory Kerberos password
  - From: tuliol@sybatech.com
- Re: Openldap using Active Directory Kerberos password
  - From: Frank Swasey <Frank.Swasey@uvm.edu>
- Re: Openldap using Active Directory Kerberos password
  - From: tuliol@sybatech.com
- Re: Openldap using Active Directory Kerberos password
  - From: tuliol@sybatech.com

Prev by Date: Re: OpenLDAP & Back-LDBM: Backups to a tape drive.
Next by Date: Question on LDAP Client
Index(es):
- Chronological
- Thread