OK, I've tried that and my AD server supports all the mechanisms you listed above. The problem is that I'm compiling a client application and I'd like to use the GSSAPI mechanism, but when I compile OpenLDAP I'm not sure whether it is also compiling the GSSAPI stuff. Also, when I try to connect my client to my AD server it says that no mechanisms are available. Thanks
On Mon, Feb 18, 2013 at 3:33 PM, Dan White dwhite@olp.net wrote:
On Thu, Feb 14, 2013 at 8:44 PM, Dan White dwhite@olp.net wrote:
On 02/14/13 12:19 +0100, Michele wrote:
I'm trying to build OpenLDAP enabling the GSSAPI module, but I can't find any reference to that in the configure file. I'm doing that because I'm writing a client program that wants to log in to a Windows AD via Kerberos. Any help is appreciated.
You'll need to install the cyrus sasl gssapi plugin. Use 'pluginviewer' to view your current list of installed plugins.
On 02/18/13 13:13 +0100, Michele wrote:
This is my pluginviewer and cyrus rpms installed on my machine. I think I already get it.
# pluginviewer
Installed SASL (server side) mechanisms are:
LOGIN GSSAPI PLAIN ANONYMOUS EXTERNAL
List of server plugins follows
Plugin "login" [loaded], API version: 4
    SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
    security flags: NO_ANONYMOUS
    features:
Plugin "gssapiv2" [loaded], API version: 4
    SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
    security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
[root@temdev10 ~]# rpm -ql | grep cyrus
rpmq: no arguments given for query
[root@temdev10 ~]# rpm -qa | grep cyrus
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-gssapi-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
You have the necessary sasl components installed to support gssapi authentication. To verify that your AD server supports gssapi:
ldapsearch -LLL -x -H ldap://ad.example.org -s "base" -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
See the FAQ entry "How do I configure OpenLDAP+SASL+GSSAPI" here (the client side details should still apply):
http://www.cyrussasl.org/mediawiki/index.php/FAQ
-- Dan White
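
One way to compare the two lists discussed in this thread, the mechanisms the server advertises and the SASL plugins installed locally, as an added example that is not part of the original messages. The function names and the sample variables are hypothetical, and the sample text is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: intersect the server's supportedSASLMechanisms with the
# mechanisms pluginviewer reports. An empty result means no usable mechanism.

# Sample inputs, constructed from the output quoted in the thread.
SAMPLE_LDIF='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'

SAMPLE_PLUGINS='Installed SASL (server side) mechanisms are:
LOGIN GSSAPI PLAIN ANONYMOUS EXTERNAL
List of server plugins follows'

# Read rootDSE LDIF on stdin, print one advertised mechanism per line.
server_mechs() {
    awk -F': *' '{ sub(/\r$/, "") }
        tolower($1) == "supportedsaslmechanisms" && $2 != "" { print $2 }' |
        LC_ALL=C sort -u
}

# Read pluginviewer output on stdin, print the names listed on the line
# after each "Installed SASL (...) mechanisms are:" header.
local_mechs() {
    awk '/^Installed SASL .* mechanisms are:/ {
            if ((getline) > 0) for (i = 1; i <= NF; i++) print $i
        }' | LC_ALL=C sort -u
}

# $1 = ldapsearch output, $2 = pluginviewer output.
# Prints the mechanisms present on both sides, one per line.
common_mechs() {
    s=$(printf '%s\n' "$1" | server_mechs)
    l=$(printf '%s\n' "$2" | local_mechs)
    for m in $s; do
        printf '%s\n' "$l" | grep -qxF -- "$m" && printf '%s\n' "$m"
    done
    return 0
}

# Against live systems (pluginviewer -c lists the client-side plugins):
#   common_mechs "$(ldapsearch -LLL -x -H ldap://ad.example.org -s base -b '' \
#       supportedSASLMechanisms)" "$(pluginviewer -c 2>/dev/null)"
common_mechs "$SAMPLE_LDIF" "$SAMPLE_PLUGINS"
```

If GSSAPI is missing from the result, the gap is on whichever side does not list it: the server's rootDSE or the local plugin set.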