On Wednesday, 18 January 2012 11:06:45 Toomas Vendelin wrote:
Thank you, Dan!
Indeed, setting olcSaslHost: ldap.example.com
instead of olcSaslHost: kdc.example.com
solves the issue.
Now, when I look back for what caused me this hiccup, this has come to my attention:
- in slapd-config(5):
olcSaslHost: <fqdn> Used to specify the fully qualified domain name used for SASL processing.
... the description looks somewhat ambiguous to me.
SASL can be a bit ambiguous, and I don't see that the documentation should necessarily cover specific SASL mechs; that is the responsibility of the SASL layer.
There would be less confusion if it were "Host running an LDAP server" or similar.
But, that is the default (IOW, when you do not specify olcSaslHost it will use the hostname of the server slapd is running on).
Or perhaps just warning of a possible pitfall - my five cents :).
And, of course, the Ubuntu tutorial page, that was plain wrong, saying: "#The FQDN of the Kerberos KDC. olcSaslHost: kerberos.example.com"
at https://help.ubuntu.com/community/OpenLDAPServer#Kerberos_Authentication
So one wonders why we are discussing it on this list ....
Regards, Buchan