ldap with GSSAPI using security/cyrus-sasl2 with security/heimdal?

Jan Henrik Sylvester me at janh.de
Wed Jan 19 20:59:14 UTC 2011

Earlier I tried GSSAPI authentication for ldap against heimdal in 
8.1-RELEASE base and failed. Now I tried again with security/heimdal.

I got:

security/cyrus-sasl2 with HEIMDAL_HOME=/usr/local/
net/openldap24-server with WITH_SASL

When I first tried "ldapmodify -Z -Y GSSAPI -I -D <CRED> -H 
ldap://<FQDN>", I got:

ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
         additional info: SASL(-4): no mechanism available: No worthy 
mechs found

In /var/log/auth.log, I found for slapd and ldapmodify:

unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: 
/usr/local/lib/sasl2/libgssapiv2.so.2: Undefined symbol 

I found this discussion: 

Not sure what might be wrong with configure, I added the following line 
to config.h after running "make configure" and before "make":


With security/cyrus-sasl2 compiled that way, I do not get the "Undefined 
symbol" starting slapd anymore.

Now ldapmodify gives me:

ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) 
error (80)
         additional info: SASL(-1): generic failure: GSSAPI Error:  No 
credentials were supplied, or the credentials were unavailable or 
inaccessible. (unknown mech-code 0 for mech unknown)

I am out of ideas. Do I even have the ldapmodify command correct? (I 
tried with "-U u:<USER>" and "-X u:<USER>", too.)

Is security/cyrus-sasl2 supposed to work with GSSAPI from security/heimdal?

How should the undefined symbol be fixed properly? Is there anything 
more to fix with cyrus-sasl configure?

Thanks for any ideas,
Jan Henrik

More information about the freebsd-questions mailing list