On 12/31/12 11:19 -0800, Wu, James C. wrote:
I have tested that the LDAP authentication through saslauthd using Kerberos works well on both the internal ldap and Kerberos pair and the external ldap Kerberos pair.
How did you verify authentication was working with your internal server?
For example, when I used "su - peter" where peter is a user in the external ldap server and the password is {SASL}peter@EXAMPLE.COM. The authentication works. However, when I use "su - James" where james is a user defined in the internal ldap server with password {SASL}james@SUB.EXAMPLE.COM, then the authentication failed. I checked the log file; the internal server did get the search request forwarded from the external ldap server and returned the correct information back. However, I did not see the saslauthd process on either the external or the internal ldap server get any inquiry for the authentication.
On 01/02/13 14:52 -0800, Wu, James C. wrote:
When I add uid to the -D flag in the ldapwhoami, then it failed on both the external and internal ldap servers.
ldapwhoami -x -H ldap://internalldap -D "uid=peter,ou=People,ou=sub,dc=example,dc=com" -w password
ldapwhoami -x -H ldap://externalldap -D "uid=peter,ou=People,ou=sub,dc=example,dc=com" -w password
How does this second command (against your internal server) differ from the above verification?