Re: openldap + kerberos simple bind invalid credentials
Karen R McArthur wrote:
krb5-libs 1.2.5
openldap 2.2.15
cyrus-sasl 2.1.10
(will be upgrading to latest stable releases this summer)
I am attempting to enable simple binds through ldap for some
applications. All of our passwords are stored in a kerberos database,
all of our users have the userPassword field populated with
{SASL}uid@REALM.EXAMPLE.COM, and krb5PrincipleName populated with
uid@REALM.EXAMPLE.COM. I am getting no entries in my krb5kdc.log file
- indicating to me that the simple bind is not even trying to query
the kerberos database. I'm leaning toward the possibility that my
sasl-regexp is wrong or that one of my configuration files is missing
a parameter. Any ideas?
/usr/local/etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: <proxy user DN>
ldap_bind_pw: <proxy user password>
ldap_auth_method: fastbind
ldap_search_base: dc=example,dc=com
Since your objective is to use saslauthd to allow authentication against
a Kerberos database, configuring saslauthd to use LDAP is going to be
highly unproductive.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
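
The point of the reply, as an added example that is not part of the thread: a small shell check that reports which backend saslauthd consults for a given `-a` mechanism and saslauthd.conf. The function name and verdict words are hypothetical, the sample file is constructed from the posted config, and slapd is assumed to be the server listening on 127.0.0.1.

```shell
#!/bin/sh
# Added example, not from the thread. Function name and verdict strings are
# hypothetical; the sample file below is constructed from the posted config.

# saslauthd_backend MECH [CONF]
#   MECH: the value given to "saslauthd -a"
#   CONF: saslauthd.conf, which only the ldap mechanism reads
# Prints one verdict word: kerberos, ldap-loop, ldap-remote, or other.
saslauthd_backend() {
    mech=$1
    conf=${2:-/usr/local/etc/saslauthd.conf}
    case $mech in
        kerberos5) echo kerberos; return 0 ;;   # password is checked by the KDC
        ldap) ;;                                # inspect the config below
        *) echo other; return 0 ;;              # some other backend, not judged here
    esac
    # First ldap_servers value in the file
    servers=$(sed -n 's/^[[:space:]]*ldap_servers:[[:space:]]*//p' "$conf" | head -n 1)
    case $servers in
        *//127.*|*//localhost*|ldapi:*|'')
            # Unset is treated as local (assumption: the default is localhost).
            # slapd hands {SASL} passwords to saslauthd, which binds straight
            # back to the local slapd, so the KDC is never asked.
            echo ldap-loop ;;
        *)  echo ldap-remote ;;
    esac
}

# Constructed sample mirroring the configuration quoted in the question
sample=$(mktemp)
cat > "$sample" <<'EOF'
ldap_servers: ldap://127.0.0.1/
ldap_auth_method: fastbind
ldap_search_base: dc=example,dc=com
EOF
echo "-a ldap      -> $(saslauthd_backend ldap "$sample")"
echo "-a kerberos5 -> $(saslauthd_backend kerberos5)"
rm -f "$sample"
```

A verdict of `ldap-loop` matches the symptom in the question: nothing appears in krb5kdc.log because the password check never leaves the directory server.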