[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL working but kerberos DOMAIN is not set
- To: openldap-technical@openldap.org
- Subject: SASL working but kerberos DOMAIN is not set
- From: Friedrich Locke <friedrich.locke@gmail.com>
- Date: Tue, 28 Jun 2011 16:36:49 -0300
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=pVhqzmvDRl0bE3HKySNrYPAh+cnavQshr0KKlX12Gzs=; b=J88mpcLoUEHomPVzK+HmXCInCZbVlKcvb0Gf3NVlouNWyt+E2qnZS+wen8R0FQNSw6 JXVG59PqVYsabo3qd42XxLKxRjHpRtIfkrAnB2wqeYLs1T9TY3UPqscccOk+H+IwS8M6 36qKToG2H+rxBGA/hi6rFwfbjMW3ptUu4Q+ZE=
I have setted openldap+sasl+kerberos.
It is working but the keberos realm is not seted in the bind dn, why?
Here is my session:
sioux@gustav$ ldapsearch -Y GSSAPI -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL username: sioux@UFV.BR
SASL SSF: 56
SASL data security layer installed.
dn:
supportedSASLMechanisms: OTP
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
sioux@gustav$
Here is what i got from slapd err output :
...
...
...
do_bind: dn () SASL mech GSSAPI
slap_sasl_getdn: u:id converted to uid=sioux,cn=GSSAPI,cn=auth
>>> dnNormalize: <uid=sioux,cn=GSSAPI,cn=auth>
<<< dnNormalize: <uid=sioux,cn=gssapi,cn=auth>
==>slap_sasl2dn: converting SASL name uid=sioux,cn=gssapi,cn=auth to a DN
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Authorize [conn=1001]: proxy authorization allowed authzDN=""
send_ldap_sasl: err=0 len=-1
do_bind: SASL/GSSAPI bind: dn="uid=sioux,cn=gssapi,cn=auth" sasl_ssf=56
send_ldap_response: msgid=3 tag=97 err=0
ber_flush2: 14 bytes to sd 13
...
...
...
Any ideia about what is going on ?