Re: Openldap/Sasl/GSSAPI on Debian: Key table entry not found
On Wednesday, 18 January 2012 11:06:45 Toomas Vendelin wrote:
> Thank you, Dan!
>
> Indeed, setting
> olcSaslHost: ldap.example.com
>
> instead of
> olcSaslHost: kdc.example.com
>
> solves the issue.
>
> Now, when I look back for what caused me this hiccup, this has come to
> my attention:
> - in slapd-config(5):
> olcSaslHost: <fqdn>
> Used to specify the fully qualified domain name used for SASL
> processing.
>
> ... the description looks somewhat ambiguous to me.
SASL can be a bit ambiguous, and I don't see that the documentation should
necessarily cover specific SASL mechs, that is the responsibility of the SASL
layer.
> It would be less
> confusion, if it were "Host running a LDAP server" or similar.
But, that is the default (IOW, when you do not specify olcSaslHost it will use
the hostname of the server slapd is running on).
> Or
> perhaps just warning of a possible pitfall - my five cents :).
>
> And, of course, the Ubuntu tutorial page, that was plain wrong, saying:
> "#The FQDN of the Kerberos KDC.
> olcSaslHost: kerberos.example.com"
>
> at https://help.ubuntu.com/community/OpenLDAPServer#Kerberos_Authentication
So one wonders why we are discussing it on this list ....
Regards,
Buchan
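
An added example, not part of the original thread: a small check that compares the `olcSaslHost` value from cn=config with the principals in slapd's keytab, which is the mismatch behind "Key table entry not found" here. It assumes the GSSAPI mechanism needs a key for `ldap/<olcSaslHost>@REALM`, that the keytab listing is plain MIT `klist -k` output, and it uses constructed sample input; the keytab path and the function names are hypothetical.

```python
import re

# Constructed sample input: a cn=config excerpt with the wrong host from the
# thread, and `klist -k` output for slapd's keytab (path is hypothetical).
CONFIG_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcSaslHost: kdc.example.com
"""

KLIST_OUTPUT = """\
Keytab name: FILE:/etc/ldap/ldap.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 ldap/ldap.example.com@EXAMPLE.COM
   2 host/ldap.example.com@EXAMPLE.COM
"""

def ldif_attr(ldif, name):
    """Return the first value of a single-line LDIF attribute, or None."""
    m = re.search(rf"^{re.escape(name)}:\s*(\S+)\s*$", ldif, re.M | re.I)
    return m.group(1) if m else None

def keytab_principals(klist_text):
    """Collect principals from `klist -k` lines of the form '<kvno> <principal>'."""
    return set(re.findall(r"^\s*\d+\s+(\S+@\S+)\s*$", klist_text, re.M))

def check_sasl_host(ldif, klist_text, local_fqdn):
    """Check that the keytab holds an ldap/ key for the configured SASL host.

    When olcSaslHost is absent, slapd uses the server's own hostname, so the
    caller passes that in as local_fqdn.
    """
    host = ldif_attr(ldif, "olcSaslHost") or local_fqdn
    principals = keytab_principals(klist_text)
    matching = sorted(p for p in principals if p.startswith(f"ldap/{host}@"))
    available = sorted(p for p in principals if p.startswith("ldap/"))
    return {"host": host, "ok": bool(matching),
            "matching": matching, "ldap_principals": available}

if __name__ == "__main__":
    result = check_sasl_host(CONFIG_LDIF, KLIST_OUTPUT, "ldap.example.com")
    if result["ok"]:
        print(f"OK: keytab has {result['matching'][0]}")
    else:
        print(f"MISMATCH: no ldap/{result['host']}@... key in keytab; "
              f"ldap principals present: {result['ldap_principals']}")
```
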