Hi, Can ldapsearch work with Windows AD via GSSAPI? Is there any special setting/software I need to do on the client side?
On my Client system, I have Windows openldap client tools (ldapsearch ....etc). My Server system has Windows AD running.
I was able to use Simple Authentication and it worked. ldapsearch.exe -H ldap://MPSD-EB01T3/ -b "dc=test,dc=com" -x
I know Windows 2008 AD support GSSAPI.
ldapsearch -H ldap://MPSD-EB01T3/ -xLLL -s base -b "" supportedSASLMechanisms dn: supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: DIGEST-MD5
Now I tried to use GSSAPI and it failed. Is there anything special setting I need to do on the client side to make it work?
ldapsearch -H ldap://MPSD-EB01T3/ -b "cn=user1,dc=test,dc=com" -W -U user1 -Y GSSAPI -d 3
ldap_url_parse_ext(ldap://MPSD-EB01T3/) ldap_create ldap_url_parse_ext(ldap://MPSD-EB01T3:389/??base) ldap_sasl_interactive_bind_s: user selected: GSSAPI ldap_int_sasl_bind: GSSAPI ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP MPSD-EB01T3:389 ldap_new_socket: 392 ldap_prepare_socket: 392 ldap_connect_to_host: Trying 192.168.1.30:389 ldap_pvt_connect: fd: 392 tm: -1 async: 0 ldap_int_sasl_open: host=MPSD-EB01T3 ldap_err2string ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: Unable to find a calback: 2