[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to get passthrough auth working with OpenLDAP and Kerberos

On 01/26/12 15:11 -0800, Chastity Blackwell wrote:

On Thu, 2012-01-26 at 17:38 -0500, Howard Chu wrote:
So what should the userPassword attribute be set to? I assumed it should
be {SASL}chas@KRBTEST -- is that correct? I just want to make sure I'm
on the right track there.


Try:

{SASL}chas

On 01/26/12 16:19 -0800, Chastity Blackwell wrote:

On Thu, 2012-01-26 at 18:17 -0500, Dan White wrote:

What does your testsaslauthd command look like? Are you passing a '-u
user@example.com', or a '-r example.com', or both?



[chas@ldapsandbox ~]$ /usr/sbin/testsaslauthd -u chas -p test -s ldap
0: OK "Success."


What is your default kerberos realm (/etc/krb5.conf), if any, on the box
running slapd and saslauthd?



default_realm = KRBTEST as stated in my other email.



You might get more details from saslauthd -d.



Do your kerberos logs provide anything useful?


Unfortunately, either of these really provides much more than what I had
already posted.


Where is test.com coming from? your userPassword entry?



That I'm not sure about -- I assumed it was coming from the LDAP
domains.



--
Dan White