Date:      Wed, 19 Jan 2011 21:59:28 +0100
From:      Jan Henrik Sylvester <me@janh.de>
To:        questions-list freebsd <freebsd-questions@freebsd.org>
Cc:        Hajimu UMEMOTO <ume@FreeBSD.org>
Subject:   ldap with GSSAPI using security/cyrus-sasl2 with security/heimdal?
Message-ID:  <4D3750B0.4010802@janh.de>

Earlier I tried GSSAPI authentication for ldap against heimdal in 
8.1-RELEASE base and failed. Now I tried again with security/heimdal.

I got:

security/heimdal
security/cyrus-sasl2 with HEIMDAL_HOME=/usr/local/
net/openldap24-server with WITH_SASL

When I first tried "ldapmodify -Z -Y GSSAPI -I -D <CRED> -H ldap://<FQDN>", I got:

ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
         additional info: SASL(-4): no mechanism available: No worthy mechs found

In /var/log/auth.log, I found for slapd and ldapmodify:

unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so.2: /usr/local/lib/sasl2/libgssapiv2.so.2: Undefined symbol "gss_nt_service_name"

I found this discussion: 
http://www.mail-archive.com/heimdal-discuss@sics.se/msg00126.html

Not sure what might be wrong with configure, I added the following line 
to config.h after running "make configure" and before "make":

#define HAVE_GSS_C_NT_HOSTBASED_SERVICE 1

With security/cyrus-sasl2 compiled that way, I do not get the "Undefined 
symbol" starting slapd anymore.

Now ldapmodify gives me:

ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
         additional info: SASL(-1): generic failure: GSSAPI Error:  No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)

I am out of ideas. Do I even have the ldapmodify command correct? (I 
tried with "-U u:<USER>" and "-X u:<USER>", too.)

Is security/cyrus-sasl2 supposed to work with GSSAPI from security/heimdal?

How should the undefined symbol be fixed properly? Is there anything 
more to fix with cyrus-sasl configure?

Thanks for any ideas,
Jan Henrik


