
openldap build problem



We have been using OpenLDAP on an old Tru64 machine for a couple of years to glue our Oracle database and W2K Active Directory together. We're moving the database to a Linux machine. I rebuilt the OpenLDAP software and it almost works. The Unix machines are in an MIT Kerberos Realm and a trust exists between the MIT realm and the W2K Domain. The account I'm running with on the Unix side is mapped to a Windows account.

Using the latest openssl, Cyrus SASL, and stable openldap source packages I built everything in the same manner as before. I tested the SASL code using the sample-client/server programs to make sure that GSSAPI was working properly. I built openldap with --with-cyrus-sasl as my only option.

When I test using ldapsearch I'm seeing the infamous ldap_sasl_interactive_bind_s: message

$ ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)

My config files are set right. I see a logon/logoff to the AD domain when I try the ldapsearch.

I get tickets from the Windows domain and from the domain controller I'm attempting to query.

If I use -x I get the expected response from the domain controller.

Any ideas on what I might have missed?

	al

--

Al Lilianstrom
CD/CSS/CSI
Al.Lilianstrom@fnal.gov