Re: Simple Binds / Invalid credentials
On 9/20/05, Karsten Gorling <kgorling@physik.tu-berlin.de> wrote:
> * Grant Carmichael <germanshorthairpointer@gmail.com> [050920 19:54]:
> > Hi everyone,
> >
> > I've been working on setting up an enterprise directory
> > using Heimdal Kerberos and OpenLDAP. The one part I'm stuck
> > on is getting simple binds to successfully use SASL to
> > authenticate against Kerberos. Below I've added some of my
>
> Simple Binds don't use SASL at all. You have to go an indirect
> route:
>
> 1.) set the UserPassword-Entry to {sasl}user@REALM (you have done that
> already)
> 2.) start the saslauthd-Daemon on the same computer your
> directory-server runs on. Use as startup-Flag "-a kerberos5"
> 3.) Configure slapd to use the saslauthd-Daemon
> -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or
> /usr/local/lib/sasl2
> -> in this directory create a file slapd.conf with the following
> content:
> SNIP-->
> pwcheck_method: saslauthd
> mech_list: gssapi
> --<SNAP
> 4.) (Don't know if it's necessary) Restart slapd
I've had 1, 2, done. For step 3 I added mech_list: gssapi to my
/usr/local/lib/sasl2/slapd.conf and I still get the following error
after restarting kdc, slapd, and saslauthd -a kerberos5:
/usr/local/bin/ldapsearch -x -D
"uid=235807,ou=people,dc=shorter,dc=edu" -w somepass -b
"ou=people,dc=shorter,dc=edu" uid
ldap_bind: Invalid credentials (49)
Any other ideas?
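
An offline sanity check for the pass-through setup described in the steps above, as an added example that is not part of the original messages. The function names, the EXAMPLE.ORG realm and the demo file are assumptions made for illustration; the check only reads the Cyrus SASL "key: value" file and the decoded userPassword value.

```shell
#!/bin/sh
# Added example: checks the two static pieces of the pass-through setup,
# the sasl2/slapd.conf options and the {SASL}user@REALM userPassword value.

# Print the value of a "key: value" option from a Cyrus SASL config file.
sasl_opt() {  # usage: sasl_opt FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the decoded userPassword value has the {SASL}user@REALM form.
# Either case of the scheme name is accepted, since the thread writes {sasl}.
is_sasl_userpassword() {
    printf '%s\n' "$1" | grep -Eiq '^\{sasl\}[^@[:space:]]+@[^@[:space:]]+$'
}

# Report what is missing; the return status is the number of problems.
check_passthrough() {  # usage: check_passthrough SASL_CONF USERPASSWORD
    problems=0
    # pwcheck_method may list several methods; saslauthd must be one of them.
    case " $(sasl_opt "$1" pwcheck_method) " in
        *" saslauthd "*) ;;
        *) echo "pwcheck_method does not include saslauthd in $1"
           problems=$((problems + 1)) ;;
    esac
    if ! is_sasl_userpassword "$2"; then
        echo "userPassword is not of the form {SASL}user@REALM"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo input (not the poster's actual file): only mech_list is set.
demo=$(mktemp)
printf 'mech_list: gssapi\n' > "$demo"
check_passthrough "$demo" '{SASL}user@EXAMPLE.ORG' || echo "problems found: $?"
rm -f "$demo"
```

Pass the real path of slapd.conf in the sasl2 library directory and the base64-decoded userPassword value of the entry being bound.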