
Re: Compile openldap library with GSSAPI enabled



On Thu, Feb 14, 2013 at 8:44 PM, Dan White <dwhite@olp.net> wrote:
On 02/14/13 12:19 +0100, Michele wrote:
I'm trying to build OpenLDAP enabling the GSSAPI module, but I can't
find any reference on that in the configure file.  I'm doing that
because I'm writing a client program that wants to log in to a Windows AD
via Kerberos.  Any help is appreciated.

You'll need to install the cyrus sasl gssapi plugin. Use 'pluginviewer' to
view your current list of installed plugins.

On 02/18/13 13:13 +0100, Michele wrote:
This is my pluginviewer and cyrus rpms installed on my machine.
I think I already get it.

# pluginviewer
Installed SASL (server side) mechanisms are:
LOGIN GSSAPI PLAIN ANONYMOUS EXTERNAL
List of server plugins follows
Plugin "login" [loaded],        API version: 4
       SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
       security flags: NO_ANONYMOUS
       features:
Plugin "gssapiv2" [loaded],     API version: 4
       SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
       security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
       features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION


[root@temdev10 ~]# rpm -ql | grep cyrus
rpmq: no arguments given for query
[root@temdev10 ~]# rpm -qa | grep cyrus
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-gssapi-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3

You have the necessary sasl components installed to support gssapi
authentication. To verify that your AD server supports gssapi:

ldapsearch -LLL -x -H ldap://ad.example.org -s "base" -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5

See the FAQ entry "How do I configure OpenLDAP+SASL+GSSAPI" here (the
client side details should still apply):

http://www.cyrussasl.org/mediawiki/index.php/FAQ

--
Dan White
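
The two checks from this message combined into one, as an added example that is not part of the original post: it intersects the mechanisms the local Cyrus SASL plugins provide with those the directory advertises in its root DSE, and reports the best SSF for each. The function names are illustrative, and the embedded sample text is constructed (trimmed from the outputs quoted above).

```shell
#!/bin/sh
# Added example. Sample inputs are constructed, trimmed from the outputs
# quoted in the thread; function names are illustrative.
PLUGINVIEWER_SAMPLE='Plugin "login" [loaded],        API version: 4
       SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
       security flags: NO_ANONYMOUS
Plugin "gssapiv2" [loaded],     API version: 4
       SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
       security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH'

ROOTDSE_SAMPLE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'

# client_mechs: pluginviewer output on stdin -> "MECH SSF", one per line.
# sort -u collapses duplicates when several plugin sections are listed.
client_mechs() {
    sed -n 's/^[[:space:]]*SASL mechanism: \([^,]*\), best SSF: \([0-9][0-9]*\).*/\1 \2/p' |
        sort -u
}

# server_mechs: root DSE LDIF on stdin -> one mechanism per line.
# LDIF attribute names are case-insensitive, so compare in lower case.
server_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# usable_mechs PLUGINVIEWER_TEXT ROOTDSE_TEXT
# Prints "MECH ssf=N" for every mechanism available on both sides.
usable_mechs() {
    srv=$(printf '%s\n' "$2" | server_mechs)
    printf '%s\n' "$1" | client_mechs | while read -r mech ssf; do
        if printf '%s\n' "$srv" | grep -qxF -- "$mech"; then
            echo "$mech ssf=$ssf"
        fi
    done
}

# Live use (hostname as in the message above):
#   usable_mechs "$(pluginviewer -c)" \
#     "$(ldapsearch -LLL -x -H ldap://ad.example.org -s base -b '' supportedSASLMechanisms)"
usable_mechs "$PLUGINVIEWER_SAMPLE" "$ROOTDSE_SAMPLE"   # prints: GSSAPI ssf=56
```

An empty result means the client and the directory share no SASL mechanism, so a SASL bind cannot be negotiated until a matching plugin is installed.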