Le Trung Kien wrote:
If you have configure phpldapadmin with option SASL chosen, then lucky me.
SASL bind can be conducted with many different mechanisms. For Kerberos V you have to configure SASL with mech GSSAPI. For this to fully work as expected the entity binding to the LDAP server has to have obtained a ticket granting ticket (TGT) before binding to the LDAP server.
If you invoked command-line tool kinit on your box then the TGT is stored in a ticket cache tied to the system user who started kinit => this is likely not of much use in a centrally installed web gateway. My web2ldap supports SASL/GSSAPI but using the end-user TGT requires web2ldap to be started by this particular end-user.
Ciao, Michael.