[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Kerberized LDAP not accessible
- To: Thomas Schweikle <tps@vr-web.de>
- Subject: Re: Kerberized LDAP not accessible
- From: Brian Candler <B.Candler@pobox.com>
- Date: Fri, 21 Jan 2011 12:15:59 +0000
- Cc: openldap-technical@openldap.org
- Content-disposition: inline
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :cc:subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=EeS5Z7YkQAVNpZ0WI2XPcWY1Qx8=; b=bul/+q9 fsm+YNwgGKrZe1tcqEMe+Bt7Wp6h08Vysvn3g210I/VJHBWTVRrm2NqlOS6342d9 ssaoNnSwHCPgn+ijxFZTOjQrIP5iBnrLl0nJAOJIfWPjpa0x4OIKiviQoSvz4sKp IF0nwZt0tiAJILGoqoLPA968hPmY2/H6aapA=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:from:to:cc :subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=sasl; b=FjjOUMVWJMW6NNyq4m2+YQfnPyfXYb5pU jT6SYYEGoHLzyGjF+gcBmZWWpe2Tw2SArtSyO5pNB0QXxXv+BoHWraSPySmf75+j k1zPwy02nqZ4m+zU5XejCsQcHZZRELG6EQ7MvucjuVrCHQrjgS4bwI4POkVfhH/A 5DqQ15qr1g=
- In-reply-to: <4D3963E1.8050008@vr-web.de>
- References: <4D3963E1.8050008@vr-web.de>
- User-agent: Mutt/1.5.20 (2009-06-14)
On Fri, Jan 21, 2011 at 11:45:53AM +0100, Thomas Schweikle wrote:
> client:~$ ldapsearch -H ldap://srv.example.com
> SASL/DIGEST-MD5 authentication started
Try adding -Y GSSAPI to ldapsearch command line.
I found the same (that DIGEST-MD5 was being preferred over GSSAPI). You can
fix it by disabling DIGEST-MD5.
Under Ubuntu, I did this by
# vi /etc/ldap/sasl2/slapd.conf
mech_list: gssapi external
The location of this config file may differ under other distros.