Re: Preauth error ldap heimdal kerberos

[Dan White <dwhite@olp.net>]

On 22/03/10 18:29 +0200, Μανόλης Βλαχάκης wrote:
> on the ldapwhoami command i get:
>
> *SASL/GSSAPI authentication started*
> *SASL username: kadmin/admin@TEIPIR.GR*
> *SASL SSF: 56*
> *SASL data security layer installed.*
> *dn:krb5PrincipalName=kadmin/admin@TEIPIR.GR,ou=kerberos,dc=teipir,dc=gr*
> *
> *
> *
> *
> on the other hand without mapping we get :
>
> SASL/GSSAPI authentication started
> SASL username: kadmin/admin@TEIPIR.GR
> SASL SSF: 56
> SASL data security layer installed.
> dn:uid=kadmin/admin,cn=gssapi,cn=auth

Looks good.

Do you have an authz-policy set?

> +
>
> with the ACL set :
> *access to * by * write*
> *            by * read*
> *            by * auth*
> *
> *
> 1)i get all the time the value
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> 2)and the uid value remains empty....

That looks like UNIX domain socket via an ldapi connection, by the root
user (or a user with UID of 0).

You should probably have a mapping for it as well. I map root to the admin
user on my system.

--
Dan White