Christian wrote: > I use Kerberos/GSSAPI for authentication, and I recently locked down my > ldap servers with "require authc". With Kerberos tickets, I used to be > able to just enter > > ldapsearch > > on the command line. Now I have to do > > ldapsearch -Y GSSAPI Why don't you simply put this line in your ldap.conf? SASL_MECH GSSAPI > I assume this is because ldapsearch has to do a nonauthenticated bind to > find out about the SASL auth mechanisms (by looking for > supportedSASLMechanisms), Nope. The command-line tools do not behave like this. > man ldap.conf > > tells me that the setting for SASL_MECH is a per user setting only. Is > there any other way to achieve this, or am I doing the wrong thing by > requiring authc? I'm pretty sure there's a system-wide ldap.conf file installed on your system. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature