[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap build problem



Howard Chu wrote:
Al Lilianstrom wrote:

We have been using Openldap on a old Tru64 machine for a couple of years to glue our Oracle database and W2K Active Directory together. We're moving the database to a Linux machine. I rebuilt the Openldap software and it almost works. The Unix machines are in a MIT Kerberos Realm and a trust exists between the MIT realm and the W2K Domain. The account I'm running with on the Unix side is mapped to a Windows account.

Using the latest openssl, Cyrus SASL, and stable openldap source packages I built everything in the same manner as before. I tested the SASL code using the sample-client/server programs to make sure that GSSAPI was working properly. I built openldap with --with-cyrus-sasl as my only option.

When I test using ldapsearch I'm seeing the infamous ldap_sasl_interactive_bind_s: message

$ ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)

My config files are set right. I see a logon/logoff to the AD domain when I try the ldapsearch.

I get tickets from the Windows domain and from the domain controller I'm attempting to query.

If I use -x I get the expected response from the domain controller.

Any ideas on what I might have missed?

See ITS#4102.


Howard,

Thank you!

That was it. I pulled the previous version of cyrus.c out of cvs and rebuilt openldap. Initial tests look great.

I'm not sure how I missed this in my search of the openldap site today.

	Thanks again, al

--

Al Lilianstrom
CD/CSS/CSI
al.lilianstrom@fnal.gov