hard times getting ldap to work with sasl
Friedrich Locke
friedrich.locke at gmail.com
Fri Jun 16 13:16:56 UTC 2017
Hi folks,

After trying to get openldap + sasl working for 3 days I have lost my hair.
My dns is working ok, openldap config too. But I am not able to get
openldap to auth via sasl kerberos or GSSAPI. When I try to auth via
sasl or by providing a plain text password, nothing is even shown in the
saslauthd log files. It seems openldap does not even contact saslauthd.

Here are some examples:

sioux@etosha$ ldapsearch -Y GSSAPI -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)

sioux@etosha$ uname -a
FreeBSD etosha 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

sioux@etosha$ klist
Credentials cache: FILE:/tmp/krb5cc_Ofd7Gy
Principal: sioux@MY.DOMAIN

Issued                Expires               Principal
Jun 16 12:16:28 2017  Jun 16 16:16:28 2017  krbtgt/MY.DOMAIN@MY.DOMAIN
Jun 16 12:16:54 2017  Jun 16 16:16:28 2017  host/etosha.my.domain@MY.DOMAIN
Jun 16 12:40:03 2017  Jun 16 16:16:28 2017  ldap/etosha.my.domain@MY.DOMAIN
sioux@etosha$

The credentials are fetched from kerberos, but ldapsearch is prevented
from logging into slapd. And when I provide a user, saslauthd is not even
contacted.

Please, someone help me...