Hi,
Can ldapsearch work with Windows AD via GSSAPI? Is there any special setting/software I need to do on the client side?

On my Client system, I have Windows openldap client tools (ldapsearch ....etc). My Server system has Windows AD running.

I was able to use Simple Authentication and it worked.
ldapsearch.exe -H ldap://MPSD-EB01T3/ -b "dc=test,dc=com"  -x

I know Windows 2008 AD support GSSAPI.

ldapsearch -H ldap://MPSD-EB01T3/ -xLLL -s base -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5


Now I tried to use GSSAPI and it failed. Is there anything special setting I need to do on the client side to make it work?

ldapsearch -H ldap://MPSD-EB01T3/ -b "cn=user1,dc=test,dc=com" -W -U user1 -Y GSSAPI -d 3

ldap_url_parse_ext(ldap://MPSD-EB01T3/)
ldap_create
ldap_url_parse_ext(ldap://MPSD-EB01T3:389/??base)
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP MPSD-EB01T3:389
ldap_new_socket: 392
ldap_prepare_socket: 392
ldap_connect_to_host: Trying 192.168.1.30:389
ldap_pvt_connect: fd: 392 tm: -1 async: 0
ldap_int_sasl_open: host=MPSD-EB01T3
ldap_err2string
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: Unable to find a calback: 2