Quanah Gibson-Mount wrote:
--On January 7, 2008 12:06:40 AM -0800 sanjay gupta sanjay_cs1983@yahoo.com wrote:
ldapsearch with debugging enabled and see what it's doing :-
[root@localhost tools]# ./ldapsearch -Y GSSAPI -d 1
ldap_create
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=localhost.localdomain
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy mechs found
It seems that the LDAP server does not have GSSAPI available.
So how can we add GSSAPI support to the LDAP server to make it work?
SASL mechanism support is determined by what mechanisms Cyrus-sasl has available to it. Install the appropriate SASL mechanisms package on your particular distribution, or if you are building it yourself, make sure you've built cyrus-sasl against a Kerberos implementation.
Sanjay,
The cyrus sasl pluginviewer (called saslpluginviewer on my system) will list the installed plugins. You should see a client side plugin implementing the GSSAPI mechanism if you have sasl compiled for GSSAPI and installed correctly.
Also, however unlikely, you may have configured a sasl service file explicitly defining (restricting) which SASL mechanisms to use. On my system, that file is /usr/lib/sasl2/slapd.conf. You can specify the mechanisms to use using a statement like:
mech_list: GSSAPI DIGEST-MD5 PLAIN
If not specified, I believe all server side mechanisms are offered by default.
- Dan White BTC Broadband
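
Added example, not part of the thread or of OpenLDAP/Cyrus SASL: the two checks suggested above (is a GSSAPI plugin installed, and does a mech_list line in the SASL service file exclude it) written as shell functions. The function names are hypothetical, the plugin file name libgssapiv2.so is assumed to be the one Cyrus SASL installs for GSSAPI, and the demo runs on a constructed directory rather than a real /usr/lib/sasl2.

```shell
#!/bin/sh
# Added example. Paths are passed in because they vary by distribution;
# /usr/lib/sasl2/slapd.conf is the location given in the thread for one system.

# Return 0 if a GSSAPI plugin file exists in the Cyrus SASL plugin directory.
# Assumption: the plugin is installed as libgssapiv2.so (optionally versioned).
gssapi_plugin_present() {  # usage: gssapi_plugin_present <plugin-dir>
    for f in "$1"/libgssapiv2.so*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Return 0 if the service file permits the mechanism, 1 if mech_list excludes it.
# A missing file or a file without mech_list places no restriction.
mech_allowed() {  # usage: mech_allowed <conf-file> <MECH>
    conf=$1; want=$2
    [ -r "$conf" ] || return 0
    # Last uncommented "mech_list: ..." line; the value is whitespace separated.
    list=$(sed -n 's/^[[:space:]]*mech_list[[:space:]]*:[[:space:]]*//p' "$conf" | tail -n 1)
    [ -n "$list" ] || return 0
    for m in $list; do
        [ "$m" = "$want" ] && return 0
    done
    return 1
}

# Return 1 if the plugin is missing, 2 if mech_list excludes GSSAPI, 0 otherwise.
diagnose() {  # usage: diagnose <plugin-dir> <conf-file>
    if ! gssapi_plugin_present "$1"; then
        echo "no GSSAPI plugin in $1: install the SASL GSSAPI mechanism package"
        return 1
    fi
    if ! mech_allowed "$2" GSSAPI; then
        echo "mech_list in $2 excludes GSSAPI"
        return 2
    fi
    echo "GSSAPI plugin present and not excluded by mech_list"
}

# Demo on constructed input: an empty plugin directory and a restrictive mech_list.
demo=$(mktemp -d)
printf '# constructed sample\nmech_list: DIGEST-MD5 PLAIN\n' > "$demo/slapd.conf"
diagnose "$demo" "$demo/slapd.conf" || true
rm -rf "$demo"
```

On a real host, call diagnose with the SASL plugin directory and the slapd service file for that distribution.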