Re: LDAP + Kerberos not allowing simple binds



Robert wrote:

"Jose Gonzalez Gomez" <jgonzalez@opentechnet.com> wrote in message
news:411E3889.5080205@opentechnet.com...


Robert wrote:

I should check with my installation (I won't be able to do that
until Monday, probably) but I think you need a file in
/etc/sasl2/slapd.conf (or something similar) indicating the mechanism to
use... if you use Kerberos you could probably use saslauthd as the
mechanism and then set saslauthd to check passwords against Kerberos
(saslauthd -a kerberos)... check this by yourself, as I'm typing without
looking at the docs, and my memory is horrible.



I am running saslauthd with the -a kerberos option, but the thing is that if I testsaslauthd using my Kerberos principal and password, authentication fails every time.



Then you should make that work before trying to use the {SASL} in userPassword. Have you taken a look at log files? I think you may run saslauthd with some verbose flag (-v?) so you may see the result of the authentication attempt. You may also look at the log files generated by sasl to see the cause of failed authentications.