On Friday 04 January 2008 16:46:40 sanjay gupta wrote:
Hello,
I have done default compilation for openldap-2.3.38 now trying to run ldap client (ldapsearch) with Kerberos so that ldap client can use session ticket to perform the LDAP lookup on LDAP server. Please let me know what is required to make ldap client work with kerberos.
I did not see any option to compile & build openldap lib with kerberos support & when I do ldapsearch with -K option it shows error "ldapsearch: not compiled with Kerberos support".
$ ldapsearch
(specifically no -x flag, as you want SASL).
should be sufficient, assuming all your configuration is correct, you have a ticket, and the LDAP server has a keytab for ldap/$hostname, where you are connecting to '$hostname' (in your ldap.conf, or via -h $hostname).
Of course, some logging output from your LDAP server, and the KDCs the LDAP server and LDAP clients are configured to use would help.
Please suggest me the right way to do ldapsearch with kerberos support or what client & server command line options are required to run it with kerberos.
Without -x, ldapsearch will use SASL. Additionally, ldapsearch will try and do the most appropriate thing, with a ticket, if your LDAP server has GSSAPI available (and advertised as one of the supportedSASLMechanisms).
Regards, Buchan
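
Added example, not part of the original message: a pre-flight script for the conditions listed in the reply above (a ticket in the cache, GSSAPI among the server's supportedSASLMechanisms, no -x on the real query). The function names and the sample rootDSE text are constructed for illustration, and it assumes the server allows an anonymous read of the rootDSE.

```shell
#!/bin/sh
# Added example: checks to run before a Kerberos (GSSAPI) ldapsearch.

# Read rootDSE LDIF on stdin; succeed only if GSSAPI is advertised.
# Attribute names are case-insensitive and lines may end in CR.
advertises_gssapi() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "supportedsaslmechanisms" && toupper($2) == "GSSAPI" { found = 1 }
        END { exit !found }'
}

# Usage: kerberized_search HOST [ldapsearch arguments...]
kerberized_search() {
    host=$1; shift
    # 1. A valid ticket must already be in the credential cache.
    klist -s || { echo "no valid Kerberos ticket, run kinit first" >&2; return 1; }
    # 2. Anonymous simple bind (-x) used only to read the rootDSE.
    ldapsearch -x -LLL -H "ldap://$host" -b "" -s base supportedSASLMechanisms \
        | advertises_gssapi \
        || { echo "$host does not advertise GSSAPI" >&2; return 2; }
    # 3. The real query: no -x, so SASL is used. -Y pins the mechanism so
    #    the client cannot settle on a different one. The server needs a
    #    keytab entry for ldap/$host for this bind to succeed.
    ldapsearch -Y GSSAPI -H "ldap://$host" "$@"
}

# Constructed sample rootDSE replies (not captured from a real server).
SAMPLE_WITH_GSSAPI='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI'
SAMPLE_WITHOUT_GSSAPI='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

# Offline demonstration of the parser on the constructed samples.
for name in SAMPLE_WITH_GSSAPI SAMPLE_WITHOUT_GSSAPI; do
    eval "ldif=\$$name"
    if printf '%s\n' "$ldif" | advertises_gssapi; then
        echo "$name: GSSAPI advertised"
    else
        echo "$name: GSSAPI missing"
    fi
done
```

If step 2 fails, the usual cause is that the server's Cyrus SASL installation lacks the GSSAPI plugin, which is separate from the -K (Kerberos IV bind) option mentioned in the question.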