Re: help with openldap-2.4.29-sasl-2.1.25 bind problems
On 03/04/12 15:04 +0000, luxInteg wrote:
Greetings,
I am new to this list. I have a computer with these:-
cpu: amd64 2 cores
os linux 64bit distro=cblfs kernel-3.2.1, gcc-4.5.2
auth progs: MIT-kerberos-1.10, sasl-2.1.25. openldap-2.4.29
( I have an inhouse CA and generated a signed Certificate/Key pair on this
machine running openssl-0.9.8 I transferred these and the cacert.pem file
securely to the machine above and these are included in the slapd.conf file )
I verified ldap is running without sasl with the ldapsearch command like
so:-
ldapsearch -xWLLL "ou=people" -H ldaps://tester.example.com
When I tried the same command for a sasl bind:-
ldapsearch -LLL "ou=people" -H ldaps://tester.example.com
I get this
###################################################
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context
###################################################
Check your kdc logs. Research what 'gss_accept_sec_context' and 'res_matched'
mean, since those appear to be errors returned from your krb5 library.
Make sure you are not hitting this bug in cyrus sasl:
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3480
One way to determine if you are, is to perform your gssapi bind without
ldaps or starttls-over-ldap.
--------------
read1msg: ld 0x2018010 0 new referrals
read1msg: mark request completed, ld 0x2018010 msgid 1
request done: ld 0x2018010 msgid 1
res_errno: 49, res_error: <SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_int_sasl_bind: <null>
ldap_parse_sasl_bind_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x20eb750 ptr=0x20eb753 end=0x20eb7a5 len=82
--------------
--
Dan White
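
The comparison suggested in the reply (the same GSSAPI bind with and without TLS), as an added example that is not part of the original message: it parses the stderr of two ldapsearch runs and reports whether the bind failure is TLS-specific. The function names, the verdict labels and the successful sample output are assumptions made for this illustration.

```python
import re

# ldapsearch's SASL bind error line and its SASL detail (output may be wrapped).
BIND_ERR = re.compile(r"ldap_sasl_interactive_bind_s: (.+?) \((-?\d+)\)")
SASL_ERR = re.compile(r"SASL\((-?\d+)\): ([^:]+): GSSAPI Failure: (\w+)")
STARTED = "SASL/GSSAPI authentication started"

# Output quoted in the thread (ldaps://), wrapped as it appears there.
TLS_RUN = """SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context"""

# Constructed sample of a bind that succeeds over ldap:// (principal is made up).
PLAIN_RUN = """SASL/GSSAPI authentication started
SASL username: alice@EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed."""


def parse_bind_failure(stderr_text):
    """Return details of a failed SASL bind, or None if no bind error is present."""
    flat = " ".join(stderr_text.split())  # undo line wrapping before matching
    err = BIND_ERR.search(flat)
    if err is None:
        return None
    info = {"ldap_text": err.group(1), "ldap_code": int(err.group(2)),
            "sasl_code": None, "gss_call": None}
    sasl = SASL_ERR.search(flat)
    if sasl:
        info.update(sasl_code=int(sasl.group(1)), gss_call=sasl.group(3))
    return info


def compare_transports(plain_stderr, tls_stderr):
    """Classify the same GSSAPI bind captured over ldap:// and over ldaps://."""
    if STARTED not in plain_stderr or STARTED not in tls_stderr:
        return "incomplete"          # GSSAPI was not attempted in one capture
    plain_failed = parse_bind_failure(plain_stderr) is not None
    tls_failed = parse_bind_failure(tls_stderr) is not None
    if tls_failed and not plain_failed:
        return "tls-only"            # worth comparing with the referenced bug
    if tls_failed and plain_failed:
        return "both"                # not TLS-specific; start with the KDC logs
    return "plain-only" if plain_failed else "none"


if __name__ == "__main__":
    print(parse_bind_failure(TLS_RUN), compare_transports(PLAIN_RUN, TLS_RUN))
```

Each capture is assumed to be the stderr of one completed run, for example `ldapsearch -Y GSSAPI -LLL "ou=people" -H ldap://tester.example.com 2> plain.txt`, with the same Kerberos ticket used for both transports.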