[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch and kerberos keytab

To: openldap-technical@openldap.org
Subject: ldapsearch and kerberos keytab
From: l@avc.su
Date: Wed, 02 Sep 2015 16:22:51 +0300
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=avc.su; s=default; t=1441200171; bh=z+SPq4L+DPhr7tbZgTVOexUbs94UIgkRxVZUkOkN1UQ=; h=Date:From:To:Subject; b=iGpWE7QFgV73yTFAl6JiFYh13ie0Vq8OdX86QXEZMPaIS0W7EbBGRKShp29sc3qY5 LZz8UtbSgosc30lySLViMC7kUPBZJEj1/RfgedJoS5xud9y3IBejH5gVdCDIyaNRaf ThSS55zGXfoOJEqUSIGxbpjzJYcDnZFeSh2D/n8s=
User-agent: Roundcube Webmail/0.9.5

Hi all.

I've got CentOS 6.5 server enrolled in an AD domain.

There's a script which should connect to AD and get some info withldapsearch.We were using simple bind with username and password, but I wonder ifthere is any way to do queries and being authenticated by GSSAPI withoutthe need of password entering?Maybe, I somehow can use system krb5.keytab and do queries from the nameof the server (host/pc@DOMAIN credentials)?Or I should create separate keytab and specify it in ldapsearch? But Ihaven't found this option. Moreover, I know that kerberos tickets couldexpire and I should re-enter pass to obtain new one.


How can I do that?

Thank you in advance.

Follow-Ups:
- Re: ldapsearch and kerberos keytab
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: ldapsearch and kerberos keytab
  - From: Mark Pröhl <mark@mproehl.net>

Prev by Date: Re: SASL/EXTERNAL not available
Next by Date: Re: SASL/EXTERNAL not available
Index(es):
- Chronological
- Thread