Hi ,
I have installed openldap but I am getting the following error while executing some basic command using SASL/GSS-SPNEGO authentication Where as SASL/EXTERNAL authentication working perfectly.
[root@dtgldap103 LdapCfg]# ldapsearch SASL/GSS-SPNEGO authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)
[root@dtgldap103 LdapCfg]# ldapwhoami SASL/GSS-SPNEGO authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)
[root@dtgldap103 LdapCfg]# ldapsearch -LLL -s base -b '' '(objectClass=*)' + SASL/GSS-SPNEGO authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)
[root@dtgldap103 LdapCfg]# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=config SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 # extended LDIF # # LDAPv3 # base <cn=config> with scope subtree # filter: olcDatabase=config # requesting: ALL #
# {0}config, config dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth" manage by * none
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1
[root@dtgldap103 openldap]# rpm -qa | grep ldap sssd-ldap-1.15.2-50.el7_4.2.x86_64 openldap-clients-2.4.44-5.el7.x86_64 openldap-servers-sql-2.4.44-5.el7.x86_64 openldap-servers-2.4.44-5.el7.x86_64 compat-openldap-2.3.43-5.el7.x86_64 openldap-devel-2.4.44-5.el7.x86_64 openldap-2.4.44-5.el7.x86_64 nss-pam-ldapd-0.8.13-8.0.1.el7.x86_64
Please help me how can I get out of this issue ? I am not able to proceed further for our openldap project without that.
Please let me know if you need any more details.
Thanks & Regards
http://www.proquest.com/ Debashis Chaki ProQuest | The Quorum, Barnwell Road | Cambridge | CB5 8SW | UK debashis.chaki@proquest.com tel: +44 (0)1223 271257 Better research. Better learning. Better insights.