I did, but still haven't get a response.
I just want to confirm something here from the debug logs of apache and ldap/kerb servers that it is davical fault nothing more! As now I am trying to do the authentication using apache From apache while trying to login, got that: [Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(994): [client 203.28.249.33] Using HTTP/calendar.domain.com@ as server principal for password verification [Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(698): [client 203.28.249.33] Trying to get TGT for user aahmed@DOMAIN.COM [Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(609): [client 203.28.249.33] Trying to verify authenticity of KDC using principal HTTP/calendar.domain.com@ [Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(1073): [client 203.28.249.33] kerb_authenticate_user_krb5pwd ret=0 user=aahmed@DOMAIN.COM authtype=Basic [Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(1534): [client 203.28.249.33] kerb_authenticate_a_name_to_local_name aahmed@DOMAIN.COM -> aahmed [Tue Feb 05 02:58:29 2013] [error] [client 203.28.249.33] davical: ***: ERROR:drivers_ldap : Unable to find the user with filter (&(objectClass=*)(uid=aahmed)) And can see the request also goes in my ldap/kerb server. I don't understand why having multiple entries here, but I can see clearly that some of them are successful and return an entry! Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4111 SRCH base="cn=DOMAIN.COM,ou=krb5,dc=domain,dc=com" scope=2 deref=0 filter="(&(|(objectClass=krbPrincipalAux)(objectClass=krbPrincipal))(krbPrincipalName=aahmed@DOMAIN.COM))" Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4111 SRCH attr=krbprincipalname krbcanonicalname objectclass krbprincipalkey krbmaxrenewableage krbmaxticketlife krbticketflags krbprincipalexpiration krbticketpolicyreference krbUpEnabled krbpwdpolicyreference krbpasswordexpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth krbLastPwdChange krbExtraData krbObjectReferences krbAllowedToDelegateTo Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4111 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4113 SRCH base="cn=DOMAIN.COM,ou=krb5,dc=domain,dc=com" scope=2 deref=0 filter="(&(|(objectClass=krbPrincipalAux)(objectClass=krbPrincipal))(krbPrincipalName=aahmed/SNK4@DOMAIN.COM))" Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4113 SRCH attr=krbprincipalname krbcanonicalname objectclass krbprincipalkey krbmaxrenewableage krbmaxticketlife krbticketflags krbprincipalexpiration krbticketpolicyreference krbUpEnabled krbpwdpolicyreference krbpasswordexpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth krbLastPwdChange krbExtraData krbObjectReferences krbAllowedToDelegateTo Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4113 SEARCH RESULT tag=101 err=0 nentries=0 text= - - Feb 5 02:56:32 ldap slapd[1059]: conn=1507 fd=43 ACCEPT from IP=203.28.247.193:38068 (IP=0.0.0.0:389) Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=0 BIND dn="" method=128 Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=0 RESULT tag=97 err=0 text= Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=1 SRCH base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(&(objectClass=*)(uid=aahmed))" Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=1 SRCH attr=uid cn mail modifyTimestamp Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= > Date: Sun, 3 Feb 2013 17:11:09 -0600 > From: dwhite@olp.net > To: asabatgirl@hotmail.com > Subject: Re: client server connection to LDAP/Kerberos > CC: openldap-technical@openldap.org > > That would suggest you have a problem is with your Davical configuration. Try > consulting their mailing list/support contact. > > On 02/02/13 12:05 +1100, Asmaa Ahmed wrote: > > > >No, don't have any problem while running these commands from there!I can retrieve my data successfully. > > > >Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="" method=163Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND authcid="aahmed@DOMAIN.COM" authzid="aahmed@DOMAIN.COM"Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="uid=aahmed,ou=people,dc=domain,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 RESULT tag=97 err=0 text=Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SEARCH RESULT tag=101 err=0 nentries=11 text=Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=4 UNBIND > >Thanks. > >> Date: Fri, 1 Feb 2013 13:53:29 -0600 > >> From: dwhite@olp.net > >> To: asabatgirl@hotmail.com > >> CC: openldap-technical@openldap.org > >> Subject: Re: client server connection to LDAP/Kerberos > >> > >> On 02/01/13 10:08 +1100, Asmaa Ahmed wrote: > >> >Hello, > >> > > >> >I recently added Kerberos authentication to my LDAP server, and I am trying > >> >to connect the other servers to it. > >> >I have a server running Davical shared calendar, and I hope to get it > >> >working with my LDAP server again after Kerberos integration. > >> > > > >> Can you reproduce this problem with ldapsearch and/or ldapwhoami (-Y > >> GSSAPI) on the server which is running davical? > > -- > Dan White > |