
Re: Simple Binds / Invalid credentials



On 9/20/05, Karsten Gorling <kgorling@physik.tu-berlin.de> wrote:
> * Grant Carmichael <germanshorthairpointer@gmail.com> [050920 19:54]:
> > Hi everyone,
> >
> > I've been working on setting up an enterprise directory
> > using Heimdal Kerberos and OpenLDAP. The one part I'm stuck
> > on is getting simple binds to successfully use SASL to
> > authenticate against Kerberos.  Below I've added some of my
>
> Simple binds don't use SASL at all. You have to go an indirect
> route:
>
> 1.) set the UserPassword-Entry to {sasl}user@REALM (you have done that
>  already)
> 2.) start the saslauthd-Daemon on the same computer your
> directory-server runs on. Use as startup-Flag "-a kerberos5"
> 3.) Configure slapd to use the saslauthd-Daemon
>  -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or
>  /usr/local/lib/sasl2
>  -> in this directory create a file slapd.conf with the following
>  content:
> SNIP-->
> pwcheck_method: saslauthd
> mech_list: gssapi
> --<SNAP
> 4.) (Don't know if it's necessary) Restart slapd

I've had 1 and 2 done.  For step 3 I added mech_list: gssapi to my
/usr/local/lib/sasl2/slapd.conf and I still get the following error
after restarting kdc, slapd, and saslauthd -a kerberos5:

/usr/local/bin/ldapsearch -x -D
"uid=235807,ou=people,dc=shorter,dc=edu" -w somepass -b
"ou=people,dc=shorter,dc=edu" uid
ldap_bind: Invalid credentials (49)

Any other ideas?
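
The two static inputs that the quoted steps 1 and 3 depend on, the {SASL} userPassword value and the content of the sasl2 slapd.conf file, can be checked offline before looking at the daemons. The following is an added example, not part of the thread; the function names are hypothetical, the sample entry and realm are constructed, and of the file's settings it checks only pwcheck_method.

```python
import base64
import re

def user_password_values(ldif):
    """Decode userPassword values from ldapsearch LDIF output."""
    values = []
    # LDIF folds long lines as newline + one space; unfold first.
    for line in ldif.replace("\n ", "").splitlines():
        m = re.match(r"(?i)userPassword(::?)\s*(.*)$", line)
        if m:  # '::' marks a base64-encoded value
            raw = m.group(2)
            values.append(base64.b64decode(raw).decode() if m.group(1) == "::" else raw)
    return values

def check_user_password(value):
    """Problems with a userPassword value meant for pass-through auth."""
    m = re.match(r"\{([^}]+)\}(.*)$", value, re.S)
    # Assumption: scheme name is matched case-insensitively ({sasl} or {SASL}).
    if not m or m.group(1).upper() != "SASL":
        return ["no {SASL} scheme prefix, so the check is not handed to saslauthd"]
    problems, ident = [], m.group(2)
    if ident != ident.strip():
        problems.append("stray whitespace around the identity")
    user, at, realm = ident.strip().partition("@")
    if not (user and at and realm):
        problems.append("identity is not of the form user@REALM")
    return problems

def check_sasl_conf(text):
    """Problems with the content of the sasl2 slapd.conf file."""
    conf, problems = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition(":")
        if sep:
            conf[key.strip()] = val.strip()
        else:  # e.g. SNIP/SNAP markers pasted along with the settings
            problems.append("not a 'key: value' line: %r" % line)
    if "saslauthd" not in conf.get("pwcheck_method", "").split():
        problems.append("pwcheck_method does not include saslauthd")
    return problems

if __name__ == "__main__":
    # Constructed sample entry; the DN and realm are placeholders.
    blob = base64.b64encode(b"{sasl}jdoe@EXAMPLE.ORG").decode()
    for value in user_password_values("dn: uid=jdoe,dc=example,dc=org\nuserPassword:: " + blob):
        print(value, check_user_password(value))
    print(check_sasl_conf("SNIP-->\npwcheck_method: saslauthd\nmech_list: gssapi\n--<SNAP"))
```

Feed user_password_values the LDIF from an ldapsearch run that is allowed to read userPassword, and check_sasl_conf the text of the file created in step 3.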