Hello all,
Finally I have "openldap-2.2.5 + cyrus-sasl-2.1.23 + krb5-1.6.3" running on my AS5_64 machine. But now I can only do ldapsearch with GSSAPI on the same machine where slapd and the rest of the suite are running; if I run it from another machine, it fails with (Unknown code krb5 7). Of course, simple auth works well.
This is a dummy question. I am new to sasl+krb5 with ldap. Can anyone kindly tell me how to make ldapsearch work from another machine? E.g., what kind of setup/procedure should I do on the other machine before I can do ldapsearch with gssapi effectively?
FYI, on the other machine, I have the same version of "cyrus+krb5+openldap" installed, so I think "ldapsearch" links to enough libraries to do sasl.
Output when run on the different machine
=============================
/tmp_proj/cyrus-sasl-2.1.23/sample>ldapsearch -h 10.230.34.88 -p 9001 -Y gssapi -U admin -b "sn=admin,ou=People,o=Acme" '(objectclass=*)'
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Unknown code krb5 7)

Run on the same machine, it seems to work.
=======================
/tmp_proj/test/cyrus-sasl-2.1.23/sample>kinit lablogin
Password for lablogin@IC.ACME.COM:

/tmp_proj/test/cyrus-sasl-2.1.23/sample>ldapsearch -h 10.230.34.88 -p 9001 -Y gssapi -U admina@iclab062.ic.acme.com -b "sn=admin,ou=People,o=Acme" '(objectclass=*)'
SASL/GSSAPI authentication started
SASL username: lablogin@IC.ACME.COM
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <sn=admin,ou=People,o=Acme> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# admin, People, Acme
dn: sn=admin,ou=People,o=Acme
objectClass: top
objectClass: person
objectClass: organizationalPerson
userPassword:: e1NTSEF9bGZMNXZNNFR1T1VrSm51eVk3RGJWODJFUUpvYVRNWWY=
cn: Administrator
sn: admin

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1