Dieter Klünter dieter@dkluenter.de writes:
On Fri, 20 Dec 2019 20:54:13 +0100, Stefan Kania stefan@kania-online.de wrote:
Hello,
I try to do the authentication in LDAP via Kerberos. The Kerberos-Database is in LDAP, no problem, I can log in to the system as a normal user but when I do a "ldapwhoami" I get the following output:
-----------------
u1-verw@ldapserver:~$ ldapwhoami
SASL/GSSAPI authentication started
SASL username: u1-verw@EXAMPLE.NET
SASL SSF: 256
SASL data security layer installed.
dn:uid=u1-verw,cn=gssapi,cn=auth
I would like to get the original DN from the user not the dn:*,cn=gssapi,cn=auth. So I put into my configuration:
[...]
I face the same problem with OpenIndiana. In my experience it's only GSSAPI, DIGEST-MD5 and CRAM-MD5 work as expected. But I must admit, it is only on Solaris not on Linux.
A few examples from my side:
KDC: raspberrypi, OS Raspbian
host: pink, OS OpenSUSE Tumbleweed
host: indiana, OS OpenIndiana
On Indiana:
/usr/lib/openldap/bin/amd64/ldapwhoami -Ygssapi -H ldap://pink.example.com
SASL/GSSAPI authentication started
SASL username: dieter@EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
dn:cn=dieter kluenter,ou=partner,o=avci,c=de

/usr/lib/openldap/bin/amd64/ldapwhoami -Y gssapi -H ldap://indiana.example.com
SASL/GSSAPI authentication started
SASL username: dieter@EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
dn:uid=dieter@example,cn=gssapi,cn=auth
On Tumbleweed:
/usr/bin/ldapwhoami -Y gssapi -H ldap://indiana.example.com
SASL/GSSAPI authentication started
SASL username: dieter@EXAMPLE.COM
SASL SSF: 256
SASL data security layer installed.
dn:uid=dieter@example.com,cn=gssapi,cn=auth
LDAP-Server is OpenLDAP-2.4.48 on all hosts and OS's
-Dieter
-- Dieter Klünter | Directory Service http://sys4.de 53°37'09,95"N 10°08'02,42"E