Is this possible? The only way to connect to my OpenLDAP server is through Kerberos; I disabled all other authentications. I created a principal for nss_ldap and I exported its key to the keytab file on the server. How can I force nss_ldap to use it to connect to my LDAP server?
Here are the contents of my /etc/libnss_ldap.conf:

    base dc=mydomain,dc=com
    uri ldaps://machine1
    ldap_version 3
    nss_base_passwd ou=People,dc=mydomain,dc=com
    nss_base_shadow ou=People,dc=mydomain,dc=com
    nss_base_group ou=Group,dc=mydomain,dc=com
    ssl start_tls
    ssl on
    use_sasl on
    sasl_auth_id sasl_auth_id nssldap/machine1

Note that my Kerberos is working correctly and I can successfully ldapsearch -Y GSSAPI over a self-signed certificate.
Thank you
Amir
On Nov 8, 2007, at 5:05 AM, Amir Saad wrote:
How can I force nss_ldap to use it to connect to my LDAP server?
This question (and other discussion specific to nss_ldap) is more appropriately directed to a list about nss_ldap, e.g., nssldap@padl.com. (The moderator (me) made an error in approving this message.)
-- Kurt
openldap-software@openldap.org