Hi,

We are currently trying to use OpenLDAP as the database for Kerberos in our lab. We installed OpenLDAP on Ubuntu 10.04 and it is working without any problem (i.e. queries show the correct results), but we are not able to get Kerberos to authenticate via OpenLDAP.

For authenticating via OpenLDAP, the principals need to be rewritten (using authz-policy and authz-regexp). We know how to do that in the older version of OpenLDAP, which had slapd.conf, but don't know how to do the same in the new OpenLDAP, which has a slapd.d directory instead. The manuals also don't say anything on this issue.
We did the following for testing authentication via Kerberos:
kinit username; ldapsearch -H ldaps://server.example.com
And we got this result:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
We just want to perform this:
authz-policy from
authz-regexp uid=(.*),cn=example.com,cn=GSSAPI,cn=auth uid=$1,ou=people,dc=example,dc=com

We think adding this to slapd.conf should serve the purpose. Any suggestions or help would be highly appreciated.
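The cn=config (slapd.d) equivalent of those two slapd.conf directives, as an added example that is not from the original post: the mapping itself is done by olcAuthzRegexp on the cn=config entry (olcAuthzPolicy only governs proxy authorization, so it is kept here only because the post asks for it). It assumes the realm appears as example.com in the cn=auth DN, exactly as written above, and that user entries live under ou=people,dc=example,dc=com.

```ldif
# Added example, not from the original post.
# Modifies the global cn=config entry, which is where the slapd.conf
# directives "authz-policy" and "authz-regexp" live in slapd.d.
# Assumed values: SASL realm rendered as example.com, users under
# ou=people,dc=example,dc=com (both taken from the post's own line).
dn: cn=config
changetype: modify
replace: olcAuthzPolicy
olcAuthzPolicy: from
-
replace: olcAuthzRegexp
olcAuthzRegexp: uid=(.*),cn=example.com,cn=GSSAPI,cn=auth uid=$1,ou=people,dc=example,dc=com
-
```

Apply it as the local root with `ldapmodify -Y EXTERNAL -H ldapi:/// -f authz.ldif` (no restart needed), then check the mapping with `kinit username; ldapwhoami -Y GSSAPI -H ldaps://server.example.com`, which should print the mapped dn:uid=username,ou=people,dc=example,dc=com. Passing `-Y GSSAPI` explicitly also rules out the client negotiating DIGEST-MD5, which is the mechanism shown in the error output above.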