Am Tue, 30 Jun 2015 12:48:22 +0200 schrieb Andreas Laesser <andreas.laesser@tugraz.at>: > Hi @all > > I have a (maybe) a problem with my openldap server authenticating > over a JAVA tool (Apache Directory Studio LDAP Browser > V2.0.0.v20130628, jXplorer) via GSSAPI. > > When I do a ldapsearch from command line via GSSAPI it works fine... > > > ~ % klist > Ticket cache: FILE:/tmp/krb5cc_1086_lR4Nxxxxrs > Default principal: admin@SPSC.TUGRAZ.AT > > Valid starting Expires Service principal > 30/06/2015 10:54 02/07/2015 10:54 > krbtgt/SPSC.TUGRAZ.AT@SPSC.TUGRAZ.AT renew until 10/07/2015 10:54 > 30/06/2015 10:54 02/07/2015 10:54 > ldap/ldap1.spsc.tugraz.at@SPSC.TUGRAZ.AT renew until 10/07/2015 10:54 > > > ~ % ldapsearch -H ldaps://ldap1.spsc.tugraz.at -b > "dc=SPSC,dc=TUGRAZ,dc=AT" > > This works well.... > > but if I try the same from one of the two tools mentioned above it > simply not bind or connects.... > > Does anybody had the same problems, or knows a solution? If Kerberos is properly set up, you should use SASL GSSAPI, that is ldapsearch -Y GSSAPI -H ldaps://some.host -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
Attachment:
pgpTPDFusHKKh.pgp
Description: Digitale Signatur von OpenPGP