Date: Fri, 16 Jun 2017 10:16:50 -0300
From: Friedrich Locke <friedrich.locke@gmail.com>
To: freebsd-questions@freebsd.org, openldap-software@openldap.org
Subject: hard times getting ldap to work with sasl
Message-ID: <5943DA42.9010706@gmail.com>

Hi folks,

after trying to get openldap + sasl working for 3 days I have lost my hair.
My DNS is working OK, openldap config too. But I am not able to get openldap to auth via sasl kerberos or GSSAPI.
When I try to auth via sasl or by providing a plain text password, nothing is even shown in the saslauthd log files. It seems openldap does not even contact saslauthd.

Here are some examples:

sioux@etosha$ ldapsearch -Y GSSAPI -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
        additional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)
sioux@etosha$ uname -a
FreeBSD etosha 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
sioux@etosha$ klist
Credentials cache: FILE:/tmp/krb5cc_Ofd7Gy
        Principal: sioux@MY.DOMAIN

  Issued                Expires               Principal
Jun 16 12:16:28 2017  Jun 16 16:16:28 2017  krbtgt/MY.DOMAIN@MY.DOMAIN
Jun 16 12:16:54 2017  Jun 16 16:16:28 2017  host/etosha.my.domain@MY.DOMAIN
Jun 16 12:40:03 2017  Jun 16 16:16:28 2017  ldap/etosha.my.domain@MY.DOMAIN
sioux@etosha$

The credentials are fetched from kerberos, but ldapsearch is prevented from logging into slapd.
And when I provide a user, saslauthd is not even contacted.

Please, someone help me ......