Re: ldap simple bind with kerberos passwords
Karen R McArthur wrote:
> This issue involves ldap-kerberos integration. I'm not sure if this
> is a kerberos or an ldap configuration problem so have sent it both to
> the openldap-software and the kerberos lists.
>
> openldap-2.2.15-2; krb5-libs-1.2.5-15; cyrus-sasl-2.1.10-1
>
> Passwords are stored in the kerberos database. All passwords in ldap
> are set to {SASL}principle@REALM (I've also tried
> {KERBEROS}principle@REALM). All ldap "People" have a kerberos record
> and also the "krb5Principal" objectClass.
>
> The keytabs ldap/<FQDN>@REALM, host/<FQDN>@REALM, cvs/<FQDN>@REALM,
> and svn/<FQDN>@REALM all exist.
>
> I can authenticate to all of my Linux servers. Most of my
> applications are authenticating with no problems. However, those
> applications that are not kerberos aware and require a simple ldap bind
> are not authenticating. (for example, subversion).
>
> Is this an ldap configuration issue? Or is it kerberos? Any ideas
> would be greatly appreciated!
Most likely an LDAP or SASL configuration issue. First you have to make
sure OpenLDAP was configure'd with --enable-spasswd otherwise {SASL}
password schemes are ignored. The {KERBEROS} password scheme was dropped
a long time ago so {SASL} is your only choice. It will only work here if
you have saslauthd configured to do Kerberos authentication, and you
must configure slapd to use saslauthd.
I'll note that all of your software versions are quite out of date;
you'd do well to upgrade to current versions.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
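
The conditions named in the reply above ({SASL} values in userPassword, saslauthd doing Kerberos, slapd handing password checks to saslauthd) can be verified read-only from a shell. This is an added example, not part of the original thread or of OpenLDAP; the function names, file locations and sample inputs are assumptions, and it relies on `pwcheck_method: saslauthd` in Cyrus SASL's per-application `slapd.conf` being how slapd is pointed at saslauthd.

```shell
#!/bin/sh
# Added example: read-only preflight checks for {SASL} pass-through binds.
# File locations and sample values are assumptions; adjust per install.
# Not covered: whether slapd was built with --enable-spasswd.

# slapd's Cyrus SASL application file (often /usr/lib/sasl2/slapd.conf or
# /etc/sasl2/slapd.conf) must send password checks to saslauthd.
sasl_conf_uses_saslauthd() {    # $1 = path to the SASL slapd.conf
    grep -Eq '^[[:space:]]*pwcheck_method:[[:space:]]*saslauthd[[:space:]]*$' "$1"
}

# saslauthd must have been started with the kerberos5 mechanism.
saslauthd_uses_kerberos() {     # $1 = saslauthd command line (e.g. from ps)
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])-a[[:space:]]*kerberos5([[:space:]]|$)'
}

# Print the DN of every entry whose userPassword is not {SASL}user@REALM.
# Expects unfolded LDIF with plain "dn: " lines; userPassword may be
# base64 ("userPassword:: "), as OpenLDAP tools usually write it.
non_sasl_password_dns() {       # $1 = LDIF export
    dn=
    while IFS= read -r line; do
        case $line in
            'dn: '*) dn=${line#dn: }; continue ;;
            'userPassword:: '*)
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            'userPassword: '*) val=${line#userPassword: } ;;
            *) continue ;;
        esac
        case $val in
            '{SASL}'?*@?*) ;;             # passed through to saslauthd
            *) printf '%s\n' "$dn" ;;     # {KERBEROS}, hash or cleartext
        esac
    done < "$1"
}

# Run all three checks; returns non-zero if any fails.
preflight() {   # $1 = SASL slapd.conf, $2 = saslauthd cmdline, $3 = LDIF
    rc=0
    sasl_conf_uses_saslauthd "$1" || { echo "FAIL: pwcheck_method is not saslauthd"; rc=1; }
    saslauthd_uses_kerberos "$2" || { echo "FAIL: saslauthd not started with -a kerberos5"; rc=1; }
    bad=$(non_sasl_password_dns "$3")
    [ -z "$bad" ] || { echo "FAIL: non-{SASL} userPassword on:"; echo "$bad"; rc=1; }
    return "$rc"
}
```

Only DNs are printed, never password values, so the output is safe to paste into a ticket.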