LDAP, SASL2, and KERBEROS5
Hi,
Got this error,
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No such file or directory)
with commands:
[root@otr ssh] ldapsearch -H ldap:/// -b "dc=example,dc=com" (w/ SASL, no SSL)
[root@otr ssh] ldapsearch -H ldaps:/// -b "dc=example,dc=com" (w/ SASL, w/ SSL)
[root@otr ssh] ldapsearch -H ldap:/// -ZZ -b "dc=example,dc=com" (w/ SASL, w/ SSL)
I get correct (no error like above) results with:
[root@otr ssh] ldapsearch -H ldap:/// -b "dc=example,dc=com" -x (no SASL, no SSL)
[root@otr ssh] ldapsearch -H ldaps:/// -b "dc=example,dc=com" -x (no SASL, w/ SSL)
[root@otr ssh] ldapsearch -H ldap:/// -ZZ -b "dc=example,dc=com" -x (no SASL, w/ SSL)
I tested GSSAPI/Kerberos5 with SASL as follows:
Server side:
[root@otr ssh]sasl2-sample-server -s host
trying 10, 1, 6
....
....
accepted new connection
send: {48}
PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
... lots of characters
...
successful authentication 'oscar'
closing connection
On client side:
[oscarp@otr oscarp]$ kinit oscar
Password for oscar@NOY.COM.AU:
[oscarp@otr oscarp]$ sasl2-sample-client -s host -m GSSAPI otr.noy.com.au
receiving capability list... recv: {48}
PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
please enter an authorization id: oscar
.... lots of characters
successful authentication
closing connection
So, SASL/GSSAPI/Kerberos works with the test but does not work with 'ldapsearch' (OpenLDAP).
I have this on my Linux:
[oscarp@otr oscarp]$ rpm -qa | grep sasl
cyrus-sasl-devel-2.1.19-1
cyrus-sasl-gssapi-2.1.19-1
cyrus-sasl-md5-2.1.19-1
cyrus-sasl-2.1.19-1
cyrus-sasl-plain-2.1.19-1
[oscarp@otr oscarp]$ rpm -qa | grep openldap
openldap-devel-2.1.22-8
openldap-clients-2.1.22-8
openldap-servers-2.1.22-8
openldap-2.1.22-8
[oscarp@otr oscarp]$ rpm -qa | grep krb5
krb5-devel-1.3.4-1
krb5-server-1.3.4-1
krb5-workstation-1.3.4-1
pam_krb5-2.0.4-1
krb5-libs-1.3.4-1
[oscarp@otr oscarp]$ rpm -qa | grep openssl
openssl-0.9.7a-23
openssl-devel-0.9.7a-23
[oscarp@otr oscarp]$
[oscarp@otr oscarp]$ ldapsearch -H ldap:/// -b "" supportedSASLMechanims -x
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: supportedSASLMechanims
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
[oscarp@otr oscarp]$
Can someone point me to where I should check to fix this problem? Thanks.
O Plameras
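The GSSAPI text "No such file or directory" is reported when the Kerberos library cannot open a file it needs: on the client that is the credential cache kinit wrote, on the server it is the keytab slapd reads its ldap/<fqdn> key from. The failing ldapsearch commands in the post run as root while kinit ran as oscarp, so which cache gets checked depends on the user running the command. The root DSE query in the post also uses the default subtree scope; the root DSE is only returned with scope base. The script below is an added example, not part of the original post or of OpenLDAP: it resolves the cache and keytab paths the way MIT Kerberos does (KRB5CCNAME / KRB5_KTNAME, with the usual defaults assumed), checks that they are readable, and builds a correctly spelled root DSE query.

```shell
#!/bin/sh
# Added example: preflight checks before a SASL/GSSAPI ldapsearch.
# Assumptions (MIT Kerberos conventions): default client credential cache is
# /tmp/krb5cc_<uid>, default keytab is /etc/krb5.keytab, both overridable by
# KRB5CCNAME and KRB5_KTNAME, optionally with a "FILE:" prefix.

# Path of the credential cache Kerberos will open for the current user.
krb5_ccache_path() {
    if [ -n "$KRB5CCNAME" ]; then
        printf '%s\n' "${KRB5CCNAME#FILE:}"
    else
        printf '/tmp/krb5cc_%s\n' "$(id -u)"
    fi
}

# Returns 0 if the credential cache exists and is readable, 1 otherwise.
# Run this as the same user that will run ldapsearch.
check_ccache() {
    cc=$(krb5_ccache_path)
    if [ -r "$cc" ]; then
        echo "credential cache present: $cc"
        return 0
    fi
    echo "no readable credential cache at $cc (run kinit as this user, or check KRB5CCNAME)" >&2
    return 1
}

# Path of the keytab the server side (slapd) will open.
krb5_keytab_path() {
    if [ -n "$KRB5_KTNAME" ]; then
        printf '%s\n' "${KRB5_KTNAME#FILE:}"
    else
        printf '/etc/krb5.keytab\n'
    fi
}

# Returns 0 if the keytab exists and is readable by the current user, 1 otherwise.
# Run this as the user slapd runs as; it must hold the ldap/<fqdn>@REALM key.
check_keytab() {
    kt=$(krb5_keytab_path)
    if [ -r "$kt" ]; then
        echo "keytab readable: $kt"
        return 0
    fi
    echo "keytab $kt missing or not readable by this user" >&2
    return 1
}

# Build the ldapsearch command line that reads the root DSE.
# "-s base" is required because the root DSE is not returned by a subtree
# search on base "", and the attribute name is supportedSASLMechanisms.
rootdse_query() {
    printf 'ldapsearch -x -H %s -b "" -s base supportedSASLMechanisms\n' "$1"
}

# Run the client-side checks and print the query to confirm GSSAPI is offered.
preflight() {
    uri=${1:-ldap:///}
    check_ccache || return 1
    echo "next, confirm the server advertises GSSAPI:"
    rootdse_query "$uri"
}
```

Source the file and call preflight as the user who will bind (for example `. ./gssapi_preflight.sh && preflight ldap:///`); run check_keytab separately as the slapd user on the server. Only the file checks run locally; the printed ldapsearch line is for you to execute against the directory.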