[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Client & Server with Kerberos





--On January 7, 2008 12:06:40 AM -0800 sanjay gupta <sanjay_cs1983@yahoo.com> wrote:




ldapsearch with debugging enabled and see what it's doing :-

[root@localhost tools]# ./ldapsearch -Y GSSAPI  -d  1
ldap_create
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=localhost.localdomain
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy
mechs found

It seems that LDAP server has not  GSSAPI available.

So how can we add GSSAPI support in LDAP server for making it work??

SASL mechanism support is determined by what mechanisms Cyrus-sasl has available to it. Install the appropriate SASL mechansisms package on your particular distribution, or if you are building it yourself, make sure you've built cyrus-sasl against a Kerberos implementation.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration