openldap build problem
We have been using Openldap on an old Tru64 machine for a couple of years
to glue our Oracle database and W2K Active Directory together. We're
moving the database to a Linux machine. I rebuilt the Openldap software
and it almost works. The Unix machines are in a MIT Kerberos Realm and a
trust exists between the MIT realm and the W2K Domain. The account I'm
running with on the Unix side is mapped to a Windows account.
Using the latest openssl, Cyrus SASL, and stable openldap source
packages I built everything in the same manner as before. I tested the
SASL code using the sample-client/server programs to make sure that
GSSAPI was working properly. I built openldap with --with-cyrus-sasl as
my only option.
When I test using ldapsearch I'm seeing the infamous
ldap_sasl_interactive_bind_s: message

$ ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)

My config files are set right. I see a logon/logoff to the AD domain
when I try the ldapsearch.
I get tickets from the Windows domain and from the domain controller I'm
attempting to query.
If I use -x I get the expected response from the domain controller.
Any ideas on what I might have missed?
al
--
Al Lilianstrom
CD/CSS/CSI
Al.Lilianstrom@fnal.gov