Thank's for all the help, after all it's running. I thing it has something to do with my Ansible-script an the order I installed the packages and set up the configuration. I reinstalled all servers from scratch and now it looks like this: -------------- root@ldap01:~# ldapsearch -x -H ldapi:/// -b "" -LLL -s base supportedSASLMechanisms dn: supportedSASLMechanisms: SCRAM-SHA-1 supportedSASLMechanisms: SCRAM-SHA-256 supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: OTP supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: PLAIN supportedSASLMechanisms: LOGIN -------------- Again, thank you all for the help, several tips got me to the point.
Stefan
Am 17.12.21 um 16:34 schrieb Stefan Kania:
Hello to all,
I'm trying to get GSSAPI authentication running with the symas-packages. I generated a ldap.keytab file and it's readable for the ldap-user running the slapd. With the Debian-packages I ad:
export KRB5_KTNAME="/path/to/ldap.keytab"
I don't want to use the system keytab /etc/krb5.keytab. How do I tell slapd from the symas-packages to use my service-keytab?
I try to add to my /etc/default/symas-openldap:
KRB5_KTNAME="/path/to/ldap.keytab
but it's not working.
Stefan