[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP, SASL2, and KERBEROS5



Hi,

Got this error,

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No such
file or directory)


with commands:
[root@otr ssh] ldapsearch -H ldap:/// -b "dc=example,dc=com" ( w/ SASL, NO SSL)
[root@otr ssh] ldapsearch -H ldaps:/// -b "dc=example,dc=com" (w/ SASL, w/ SSL)
[root@otr ssh] ldapsearch -H ldap:/// -ZZ -b "dc=example,dc=com" (w/SASL,w/SSL)


I get correct (no error like above) results with:
[root@otr ssh] ldapsearch -H ldap:/// -b "dc=example,dc=com" -x (no SASL, no SSL)
[root@otr ssh] ldapsearch -H ldaps:/// -b "dc=example,dc=com" -x (no SASL,w/SSL)
[root@otr ssh] ldapsearch -H ldap:/// -ZZ -b "dc=example,dc=com" -x (no SASL,w/SSL)


I tested GSSAPI/Kerberos5 with SASL as follows:

Server side:

[root@otr ssh]sasl2-sample-server -s host
trying 10, 1, 6
....
....
accepted new connection
send: {48}
PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
... lots of  characters
...
successful authentication 'oscar'
closing connection

On client side:
[oscarp@otr oscarp]$ kinit oscar
Password for oscar@NOY.COM.AU:
[oscarp@otr oscarp]$ sasl2-sample-client -s host -m GSSAPI otr.noy.com.au
receiving capability list... recv: {48}
PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI ANONYMOUS
please enter an authorization id: oscar

.... lots of characters
successful authentication
closing connection

So, SASL/GSSAPI/Kerberos works with test but
does not work with 'ldapsearch' (Openldap)

I have this on my Linux :

[oscarp@otr oscarp]$ rpm -qa | grep sasl
cyrus-sasl-devel-2.1.19-1
cyrus-sasl-gssapi-2.1.19-1
cyrus-sasl-md5-2.1.19-1
cyrus-sasl-2.1.19-1
cyrus-sasl-plain-2.1.19-1
[oscarp@otr oscarp]$ rpm -qa | grep openldap
openldap-devel-2.1.22-8
openldap-clients-2.1.22-8
openldap-servers-2.1.22-8
openldap-2.1.22-8
[oscarp@otr oscarp]$ rpm -qa | grep krb5
krb5-devel-1.3.4-1
krb5-server-1.3.4-1
krb5-workstation-1.3.4-1
pam_krb5-2.0.4-1
krb5-libs-1.3.4-1
$[oscarp@otr oscarp]$ rpm -qa | grep openssl
openssl-0.9.7a-23
openssl-devel-0.9.7a-23
[oscarp@otr oscarp]$

[oscarp@otr oscarp]$ ldapsearch -H ldap:/// -b "" supportedSASLMechanims -x
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: supportedSASLMechanims
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[oscarp@otr oscarp]$

Can someone point me into where I'll
check to fix this problem ? Thanks.

O Plameras