Re: Getting SASL working
--On Thursday, December 30, 2004 1:08 PM -0600 Jonathan Reeder
<jreeder@nscnet.com> wrote:
I've got a working OpenLDAP 2.2 running, and I can use simple binds to
both modify and query the directory. However, I'm getting an error when
I try to bind with SASL. The error is:
# ldapsearch -b "dc=mydomain,dc=com" "(objectclass=*)"
ldap_sasl_interactive_bind_s: No such object
I have an ldap-readable keytab with a single principal -
ldap/fqdn@MYREALM.COM and I've defined KRB5_KTNAME in my environment. I
also have my rootdn set up to be "uid=ldapadmin,cn=gssapi,cn=auth". I
can kinit ldapadmin, receive the ticket, but then I get that "No such
object" error when I try to run an ldapsearch.
Any pointers? Thanks a bunch.
You are missing the Kerberos domain component. The identity coming in will
be:
uid=ldapadmin,cn=<Kerberos domain>,cn=gssapi,cn=auth
For example, my SASL DN comes in as:
uid=quanah,cn=stanford.edu,cn=gssapi,cn=auth
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
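As an added illustration (not code from the thread or from OpenLDAP), the Python below builds the SASL DN that slapd derives from a GSSAPI identity and checks a configured rootdn against it, reporting the RDN that is missing. It assumes plain user@REALM principals and that uid and cn values compare case-insensitively (both use caseIgnoreMatch), so the realm case does not matter for the comparison.

```python
"""Added example: derive the OpenLDAP SASL/GSSAPI DN from a Kerberos
principal and check whether a rootdn will match it.

Assumptions (not stated in the thread): principals are user@REALM with
no instance, and DN values contain no escaped commas.
"""
import re

_PRINCIPAL = re.compile(r"([^/@]+)@([^@]+)")


def sasl_dn_from_principal(principal: str) -> str:
    """Return uid=<user>,cn=<realm>,cn=gssapi,cn=auth for user@REALM."""
    m = _PRINCIPAL.fullmatch(principal)
    if not m:
        raise ValueError(f"not a user@REALM principal: {principal!r}")
    user, realm = m.groups()
    return f"uid={user},cn={realm},cn=gssapi,cn=auth"


def normalize_dn(dn: str) -> str:
    """Lower-case attribute names and values and strip whitespace.

    uid and cn both use caseIgnoreMatch, so lower-casing the values
    is safe for an equality comparison of these DNs.
    """
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def rootdn_matches(rootdn: str, principal: str) -> bool:
    """True if the configured rootdn equals the DN slapd will see."""
    return normalize_dn(rootdn) == normalize_dn(sasl_dn_from_principal(principal))


def missing_rdns(rootdn: str, principal: str) -> list:
    """RDNs of the expected SASL DN that the rootdn lacks, in DN order.

    For the rootdn from the question this returns ['cn=myrealm.com'],
    the Kerberos domain component Quanah points out is missing.
    """
    expected = normalize_dn(sasl_dn_from_principal(principal)).split(",")
    present = set(normalize_dn(rootdn).split(","))
    return [rdn for rdn in expected if rdn not in present]
```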