ldap with GSSAPI using security/cyrus-sasl2 with security/heimdal?
Jan Henrik Sylvester
me at janh.de
Wed Jan 19 20:59:14 UTC 2011
Earlier I tried GSSAPI authentication for ldap against heimdal in
8.1-RELEASE base and failed. Now I tried again with security/heimdal.
I got:
security/heimdal
security/cyrus-sasl2 with HEIMDAL_HOME=/usr/local/
net/openldap24-server with WITH_SASL
When I first tried "ldapmodify -Z -Y GSSAPI -I -D <CRED> -H ldap://<FQDN>", I got:
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
In /var/log/auth.log, I found for slapd and ldapmodify:
unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: /usr/local/lib/sasl2/libgssapiv2.so.2: Undefined symbol "gss_nt_service_name"
I found this discussion:
http://www.mail-archive.com/heimdal-discuss@sics.se/msg00126.html
Not sure what might be wrong with configure, I added the following line
to config.h after running "make configure" and before "make":
#define HAVE_GSS_C_NT_HOSTBASED_SERVICE 1
With security/cyrus-sasl2 compiled that way, I do not get the "Undefined
symbol" starting slapd anymore.
Now ldapmodify gives me:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)
I am out of ideas. Do I even have the ldapmodify command correct? (I
tried with "-U u:<USER>" and "-X u:<USER>", too.)
Is security/cyrus-sasl2 supposed to work with GSSAPI from security/heimdal?
How should the undefined symbol be fixed properly? Is there anything
more to fix with cyrus-sasl configure?
Thanks for any ideas,
Jan Henrik
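
A way to catch the "Undefined symbol" load failure described above before starting slapd, as an added example that is not part of the original post: it compares the gss_* symbols a SASL plugin imports with those a GSS-API library exports, working on saved `nm -D` output. The function names and both sample symbol tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs are files holding `nm -D` output; sample data is constructed.

# Print every gss_* symbol the plugin imports (type U) that the library
# does not define. usage: unresolved_gss PLUGIN_NM_FILE LIB_NM_FILE
unresolved_gss() {
    awk -v lib="$2" '
        NF < 2 { next }                               # skip blank or odd lines
        { name = $NF; sub(/@.*/, "", name) }          # drop any @VERSION suffix
        # Library pass: remember everything that is defined (not type U).
        FILENAME == lib { if ($(NF-1) != "U") defined[name] = 1; next }
        # Plugin pass: report GSS-API imports the library cannot satisfy.
        $(NF-1) == "U" && name ~ /^gss_/ && !(name in defined) { print name }
    ' "$2" "$1" | sort -u
}

sample_plugin_nm() {   # constructed: imports of a plugin built without the define
    cat <<'EOF'
                 U gss_accept_sec_context
                 U gss_import_name
                 U gss_init_sec_context
                 U gss_nt_service_name
                 U sasl_getprop
0000000000004a10 T sasl_client_plug_init
EOF
}

sample_lib_nm() {      # constructed: exports of a GSS-API library
    cat <<'EOF'
0000000000011c20 T gss_accept_sec_context
0000000000012f40 T gss_import_name
0000000000013a80 T gss_init_sec_context
EOF
}

# Demo on the constructed tables. For real files, produce the inputs with
# `nm -D <plugin.so> > plugin.nm` and `nm -D <gssapi library> > lib.nm`.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
sample_plugin_nm > "$tmp/plugin.nm"
sample_lib_nm > "$tmp/lib.nm"
unresolved_gss "$tmp/plugin.nm" "$tmp/lib.nm"
```

Empty output means every GSS-API import of the plugin is satisfied by the library it was checked against; any name printed would make dlopen of the plugin fail in the way logged in auth.log.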