No, don't have any problem while running these commands from there!I can retrieve my data successfully.
Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="" method=163Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND authcid="aahmed@DOMAIN.COM" authzid="aahmed@DOMAIN.COM"Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="uid=aahmed,ou=people,dc=domain,dc=com" mech=GSSAPI sasl_ssf=56 ssf=56Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 RESULT tag=97 err=0 text=Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SRCH base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SEARCH RESULT tag=101 err=0 nentries=11 text=Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=4 UNBIND Thanks.
Date: Fri, 1 Feb 2013 13:53:29 -0600 From: dwhite@olp.net To: asabatgirl@hotmail.com CC: openldap-technical@openldap.org Subject: Re: client server connection to LDAP/Kerberos
On 02/01/13 10:08 +1100, Asmaa Ahmed wrote:
Hello,
I recently added Kerberos authentication to my LDAP server, and I am trying to connect the other servers to it. I have a server running Davical shared calendar, and I hope to get it working with my LDAP server again after Kerberos integration.
Here is my configuration which was working before the integration and my source is "http://wiki.davical.org/w/Configuration/LDAP#Kerberos_Authentication"
$c->authenticate_hook['config'] = array( 'host' => 'ldap.domain.com', //host name of your LDAP Server 'port' => '389', //port // 'bindDN' => 'cn=admin,dc=domain,dc=com', //DN to bind request // to this server (if required) // 'passDN' => 'password', //Password of request bind 'baseDNUsers' => 'ou=People,dc=domain,dc=com', //where to look for valid user 'filterUsers' => 'objectClass=*', //filter which must validate a user according to RFC4515, i.e. surrounded by brackets 'protocolVersion' => 3, // important for simple auth (no sasl) // 'startTLS' => true, // securing your LDAP connection 'i_use_mode_kerberos' => "i_know_what_i_am_doing",
My slapd error logs: Jan 31 23:40:00 ldap slapd[1059]: conn=1273 fd=43 ACCEPT from IP=203.28.247.193:56887 (IP=0.0.0.0:389) Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=0 BIND dn="" method=128 Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=0 RESULT tag=97 err=0 text= Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SRCH base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)" Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SRCH attr=uid modifyTimestamp cn mail Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= Jan 31 23:40:00 ldap slapd[1059]: conn=1273 op=2 UNBIND
My OLC configuration: root@ldap:/var/log# ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config "(|(cn=config)(olcDatabase={1}hdb))" dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /var/run/slapd/slapd.args olcAuthzRegexp: {0}uid=([^,]+),cn=domain.com,cn=gssapi,cn=auth uid=$1 ,ou=people,dc=domain,dc=com olcLogLevel: stats olcPidFile: /var/run/slapd/slapd.pid olcSaslRealm: DOMAIN.COM olcToolThreads: 1
dn: olcDatabase={1}hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=domain,dc=com olcAccess: {0}to attrs=userPassword,shadowLastChange by anonymous auth by * no ne olcAccess: {1}to dn.subtree="ou=krb5,dc=domain,dc=com" by dn="c n=adm-srv,ou=krb5,domain,dc=com" write by dn="cn=kdc-srv,ou =krb5,domain,dc=com" read by * none olcAccess: {2}to attrs=loginShell,gecos by self write by users read by * none olcAccess: {3}to dn.base="" by * read olcAccess: {4}to * by users read by * none olcLastMod: TRUE olcRootDN: uid=admin,ou=people,domain,dc=com
Any suggestion to fix the binding and get my search working again with kerberos authentication ?
Thanks.
Can you reproduce this problem with ldapsearch and/or ldapwhoami (-Y GSSAPI) on the server which is running davical?
-- Dan White