Re: SASL GSSAPI authentication error -please help



At 02:09 PM 8/19/2004, Turbo Fredriksson wrote:
>Quoting "Mohan" <mohan@roomsnet.com>:
>> I added the following line to slapd.conf
>> 
>> rootdn          "uid=ldapadmin,cn=RMSNET.COM,cn=gssapi,cn=auth"
>
>Remove this (and add ACL/ACI's instead).

Why?


>> pdc:~# ldapsearch
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>         additional info: SASL(-13): authentication failure: GSSAPI Failure:
>> gss_accept_sec_context
>
>
>Try to run 'ldapwhoami'.

Wise to always start with ldapwhoami(8) when toying with IDs.
I suspect it would show the same error as it is part of the
authentication exchange.

>You will need a 'sasl-regexp' in your slapd.conf file.

Not so.  Authentication DNs may be used as authorization
DNs, if so desired.

>sasl-regexp
>        uid=(.*),cn=(.*),cn=gssapi,cn=auth
>        ldap:///dc=$2,dc=com??sub?(uid=$1)
>
>This just from the top of my head...
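
An added example, not part of the original messages and not OpenLDAP code: a Python approximation of what the sasl-regexp rule quoted above does to the authentication DN from this thread, and of the case where no rule matches and the authentication DN is used unchanged. Python's `re` stands in for slapd's regex matching, the function names are hypothetical, and the second DN is a constructed sample.

```python
import re

# Rule exactly as quoted in the thread: (match pattern, replacement).
THREAD_RULE = (r"uid=(.*),cn=(.*),cn=gssapi,cn=auth",
               "ldap:///dc=$2,dc=com??sub?(uid=$1)")

def apply_sasl_regexp(authn_dn, rules):
    """Return the replacement of the first matching rule, with $1..$9
    filled in from the capture groups. If no rule matches, the SASL
    authentication DN is returned unchanged."""
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn)
        if m:
            return re.sub(r"\$(\d)",
                          lambda ref: m.group(int(ref.group(1))),
                          replacement)
    return authn_dn

def split_ldap_url(mapped):
    """Split an ldap:///base?attrs?scope?filter result into its parts.
    Returns None when the result is a plain DN (no search is needed)."""
    prefix = "ldap:///"
    if not mapped.startswith(prefix):
        return None
    parts = mapped[len(prefix):].split("?", 3)
    parts += [""] * (4 - len(parts))
    base, attrs, scope, flt = parts
    # LDAP URL defaults: scope "base", filter "(objectClass=*)".
    return {"base": base, "attrs": attrs,
            "scope": scope or "base",
            "filter": flt or "(objectClass=*)"}

if __name__ == "__main__":
    # Authentication DN as it appears in the rootdn line of the thread.
    gssapi_dn = "uid=ldapadmin,cn=RMSNET.COM,cn=gssapi,cn=auth"
    mapped = apply_sasl_regexp(gssapi_dn, [THREAD_RULE])
    print(mapped)
    print(split_ldap_url(mapped))

    # Constructed sample: a DN the rule does not cover stays as it is,
    # so it can only be authorized by referring to this exact DN.
    other_dn = "uid=ldapadmin,cn=digest-md5,cn=auth"
    print(apply_sasl_regexp(other_dn, [THREAD_RULE]))
```

With the rule as quoted, the Kerberos realm is substituted verbatim into the search base, so the search runs under `dc=RMSNET.COM,dc=com`.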