Re: require authc and SASL GSSAPI
On 05/09/16 09:29 +0200, Christian wrote:
> Dear list,
>
> I use Kerberos/GSSAPI for authentication, and I recently locked down my
> ldap servers with "require authc". With Kerberos tickets, I used to be
> able to just enter
>
> ldapsearch

What response do you get?

> on the command line. Now I have to do
>
> ldapsearch -Y GSSAPI
>
> I assume this is because ldapsearch has to do a nonauthenticated bind to
> find out about the SASL auth mechanisms (by looking for
> supportedSASLMechanisms), and that fails now. So it would be great if I

You can verify with:

ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b "" supportedSASLMechanisms

> had a way of setting the default SASL auth mechanism on a machine for
> all users. However,
>
> man ldap.conf
>
> tells me that the setting for SASL_MECH is a per user setting only. Is
> there any other way to achieve this, or am I doing the wrong thing by
> requiring authc? Thanks,

Two options come to mind:

1) Configure GSSAPI as the only available SASL mechanism, within your sasl
slapd.conf, on the server.

2) Remove all other sasl mechanisms/shared libraries on the client machine.
--
Dan White
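
The following is an added example, not part of the thread: a small audit check that reads the LDIF printed by the root DSE query quoted above and reports any advertised SASL mechanism other than GSSAPI, which is one way to confirm that option 1 took effect. The function name `check_sasl_mechs` is hypothetical and the sample LDIF is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Intended use, with the query from the reply:
#   ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b "" \
#       supportedSASLMechanisms | check_sasl_mechs

# check_sasl_mechs (hypothetical name): read LDIF on stdin and print each
# advertised mechanism other than GSSAPI, one per line.
# Return status:
#   0 = GSSAPI is the only mechanism advertised
#   1 = at least one other mechanism is advertised
#   2 = no supportedSASLMechanisms values seen (for example, the anonymous
#       query returned nothing)
check_sasl_mechs() {
    awk '
        # LDIF attribute names are case-insensitive; the value follows ": ".
        tolower($1) == "supportedsaslmechanisms:" {
            seen++
            mech = toupper($2)
            if (mech != "GSSAPI") { extra++; print mech }
        }
        END {
            if (!seen) exit 2
            exit (extra ? 1 : 0)
        }
    '
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_MIXED='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

SAMPLE_LOCKED='dn:
supportedSASLMechanisms: GSSAPI'

SAMPLE_REFUSED=''

# Demo on the constructed mixed sample: lists the extra mechanisms, then the status.
printf '%s\n' "$SAMPLE_MIXED" | check_sasl_mechs || echo "exit status: $?"
```
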