[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL GSSAPI authentication error -please help

To: Turbo Fredriksson <turbo@bayour.com>
Subject: Re: SASL GSSAPI authentication error -please help
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 19 Aug 2004 19:10:51 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <87hdqzjpmv.fsf@papadoc.bayour.com>
References: <1092758250.7829.56.camel@d80h243> <7C20A8E3698A13EC493F5CE7@cadabra.stanford.edu> <00bb01c485a5$d7237620$03cb7893@mohan> <87hdqzjpmv.fsf@papadoc.bayour.com>

At 02:09 PM 8/19/2004, Turbo Fredriksson wrote:
>Quoting "Mohan" <mohan@roomsnet.com>:
>> I added the following line to slapd.conf
>> 
>> rootdn          "uid=ldapadmin,cn=RMSNET.COM,cn=gssapi,cn=auth"
>
>Remove this (and add ACL/ACI's instead).

why?


>> pdc:~# ldapsearch
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>         additional info: SASL(-13): authentication failure: GSSAPI Failure:
>> gss_accept_sec_context
>
>
>Try to run 'ldapwhoami'.

Wise to always start with ldapwhoami(8) when toying with IDs.
I suspect it would show the same error as it part of the
authentication exchange.

>You will need a 'sasl-regexp' in your slapd.conf file.

Not so.  Authentication DNs may be used as authorization
DNs, if so desired.

>sasl-regexp
>        uid=(.*),cn=(.*),cn=gssapi,cn=auth
>        ldap:///dc=$2,dc=com??sub?(uid=$1)
>
>This just from the top of my head...

References:
- SASL & ACLs
  - From: "Matthew J. Smith" <matt.smith@uconn.edu>
- Re: SASL & ACLs
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- SASL GSSAPI authentication error -please help
  - From: "Mohan" <mohan@roomsnet.com>
- Re: SASL GSSAPI authentication error -please help
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Benchmark/query scripts - FAO Quanah Gibson-Mount
Next by Date: Re: Newbie search question - Help!
Index(es):
- Chronological
- Thread