hard times getting ldap to work with sasl

Friedrich Locke friedrich.locke at gmail.com
Fri Jun 16 13:16:56 UTC 2017

Hi folks,

after trying to get openldap + sasl working for 3 day i have loose my hairs.

My dns is working ok, openldap config too. But i am not able to get 
opendalp to auth via sasl kerberos or GSSAPI. When i try to auth via 
sasl or providing plain text password nothing is even show in saslauthd 
log files. It seems openldap does not even contact saslauthd.

Here is some examples :

sioux at etosha$ ldapsearch -Y GSSAPI -b "" -s base -LLL 
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) 
error (80)
         additional info: SASL(-1): generic failure: GSSAPI Error:  No 
credentials were supplied, or the credentials were unavailable or 
inaccessible. (unknown mech-code 0 for mech unknown)
sioux at etosha$ uname -a
FreeBSD etosha 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 
06:12:04 UTC 2017 
root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
sioux at etosha$ klist
Credentials cache: FILE:/tmp/krb5cc_Ofd7Gy
         Principal: sioux at MY.DOMAIN

   Issued                Expires               Principal
Jun 16 12:16:28 2017  Jun 16 16:16:28 2017  krbtgt/MY.DOMAIN at MY.DOMAIN
Jun 16 12:16:54 2017  Jun 16 16:16:28 2017  host/etosha.my.domain at MY.DOMAIN
Jun 16 12:40:03 2017  Jun 16 16:16:28 2017  ldap/etosha.my.domain at MY.DOMAIN
sioux at etosha$

The credentials are fetched from kerberos, by ldapsearch is prevented 
from log into slapd. And when i provide a user, saslauthd is not even 

Please, someone help me ......

More information about the freebsd-questions mailing list