No, don't have any problem while running these commands from there!
I can retrieve my data successfully.

Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="" method=163
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND authcid="aahmed@DOMAIN.COM" authzid="aahmed@DOMAIN.COM"
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="uid=aahmed,ou=people,dc=domain,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 RESULT tag=97 err=0 text=
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SEARCH RESULT tag=101 err=0 nentries=11 text=
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=4 UNBIND

Thanks.

> Date: Fri, 1 Feb 2013 13:53:29 -0600
> From: dwhite@olp.net
> To: asabatgirl@hotmail.com
> CC: openldap-technical@openldap.org
> Subject: Re: client server connection to LDAP/Kerberos
>
> On 02/01/13 10:08 +1100, Asmaa Ahmed wrote:
> >Hello,
> >
> >I recently added Kerberos authentication to my LDAP server, and I am trying
> >to connect the other servers to it.
> >I have a server running Davical shared calendar, and I hope to get it
> >working with my LDAP server again after Kerberos integration.
> >
> >Here is my configuration which was working before the integration and my
> >source is
> >"http://wiki.davical.org/w/Configuration/LDAP#Kerberos_Authentication"
> >
> > $c->authenticate_hook['config'] = array(
> > 'host' => 'ldap.domain.com', //host name of your LDAP Server
> > 'port' => '389', //port
> >// 'bindDN' => 'cn=admin,dc=domain,dc=com', //DN to bind request
> >// to this server (if required)
> >// 'passDN' => 'password', //Password of request bind
> > 'baseDNUsers' => 'ou=People,dc=domain,dc=com', //where to look for valid user
> > 'filterUsers' => 'objectClass=*', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets
> > 'protocolVersion' => 3, // important for simple auth (no sasl)
> >// 'startTLS' => true, // securing your LDAP connection
> > 'i_use_mode_kerberos' => "i_know_what_i_am_doing",
> >
> >My slapd error logs:
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 fd=43 ACCEPT from
> >IP=203.28.247.193:56887 (IP=0.0.0.0:389)
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=0 BIND dn="" method=128
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=0 RESULT tag=97 err=0 text=
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SRCH
> >base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SRCH attr=uid
> >modifyTimestamp cn mail
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SEARCH RESULT tag=101
> >err=32 nentries=0 text=
> >Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=2 UNBIND
> >
> >My OLC configuration:
> >root@ldap:/var/log# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config
> >"(|(cn=config)(olcDatabase={1}hdb))"
> >dn: cn=config
> >objectClass: olcGlobal
> >cn: config
> >olcArgsFile: /var/run/slapd/slapd.args
> >olcAuthzRegexp: {0}uid=([^,]+),cn=domain.com,cn=gssapi,cn=auth uid=$1
> > ,ou=people,dc=domain,dc=com
> >olcLogLevel: stats
> >olcPidFile: /var/run/slapd/slapd.pid
> >olcSaslRealm: DOMAIN.COM
> >olcToolThreads: 1
> >
> >dn: olcDatabase={1}hdb,cn=config
> >objectClass: olcDatabaseConfig
> >objectClass: olcHdbConfig
> >olcDatabase: {1}hdb
> >olcDbDirectory: /var/lib/ldap
> >olcSuffix: dc=domain,dc=com
> >olcAccess: {0}to attrs=userPassword,shadowLastChange by anonymous auth by *
> >no
> > ne
> >olcAccess: {1}to dn.subtree="ou=krb5,dc=domain,dc=com" by dn="c
> > n=adm-srv,ou=krb5,domain,dc=com" write by dn="cn=kdc-srv,ou
> > =krb5,domain,dc=com" read by * none
> >olcAccess: {2}to attrs=loginShell,gecos by self write by users read by *
> >none
> >olcAccess: {3}to dn.base="" by * read
> >olcAccess: {4}to * by users read by * none
> >olcLastMod: TRUE
> >olcRootDN: uid=admin,ou=people,domain,dc=com
> >
> >
> >Any suggestion to fix the binding and get my search working again with
> >kerberos authentication ?
> >
> >Thanks.
>
> Can you reproduce this problem with ldapsearch and/or ldapwhoami (-Y
> GSSAPI) on the server which is running davical?
>
> --
> Dan White
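
An added example, not part of the original thread: a small Python parser for the slapd `stats` log lines quoted above that reports, per connection, the bind method, the identity the bind resolved to, and each search result. The sample input is the two excerpts from the thread with the mail line-wraps removed; the function names are hypothetical, and the code tables assume the standard LDAP values (method 128 = simple bind, 163 = SASL bind, err 32 = noSuchObject).

```python
import re

# Sample input: lines from the thread's two slapd excerpts, unwrapped.
SAMPLE = """\
Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=0 BIND dn="" method=128
Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=0 RESULT tag=97 err=0 text=
Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SRCH base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="" method=163
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="uid=aahmed,ou=people,dc=domain,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SEARCH RESULT tag=101 err=0 nentries=11 text=
"""

METHODS = {"128": "simple", "163": "sasl"}  # LDAP_AUTH_SIMPLE (0x80), LDAP_AUTH_SASL (0xa3)
ERRS = {"0": "success", "32": "noSuchObject", "49": "invalidCredentials",
        "50": "insufficientAccess"}
LINE = re.compile(r"conn=(\d+) op=\d+ (BIND|SRCH|SEARCH RESULT) (.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def summarize(log_text):
    """Return {conn: {"bind", "identity", "searches": [(base, result, nentries)]}}."""
    conns, last_base = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT, UNBIND and bind RESULT lines are not needed here
        conn, op, rest = m.groups()
        kv = {k: v.strip('"') for k, v in KV.findall(rest)}
        c = conns.setdefault(conn, {"bind": None, "identity": "anonymous", "searches": []})
        if op == "BIND":
            if "method" in kv:
                c["bind"] = METHODS.get(kv["method"], kv["method"])
            if kv.get("dn"):  # an empty dn="" means no identity was established yet
                c["identity"] = kv["dn"]
            if "mech" in kv:
                c["bind"] = f'{c["bind"] or "sasl"}/{kv["mech"]}'
        elif op == "SRCH" and "base" in kv:
            last_base[conn] = kv["base"]
        elif op == "SEARCH RESULT":
            result = ERRS.get(kv["err"], kv["err"])
            c["searches"].append((last_base.get(conn), result, int(kv["nentries"])))
    return conns

def anonymous_failures(conns):
    """Connections that searched without a bound identity and got an error back."""
    return [cid for cid, c in conns.items() if c["identity"] == "anonymous"
            and any(result != "success" for _, result, _ in c["searches"])]

if __name__ == "__main__":
    for cid, c in summarize(SAMPLE).items():
        print(cid, c["bind"], c["identity"], c["searches"])
```
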