Hi Dieter
Am 18.12.21 um 07:28 schrieb Dieter Klünter:
/etc/sasl2/slapd.conf mech_list: gssapi digest-md5 cram-md5 external keytab: /etc/openldap/ldap.keytab
/etc/ldap.conf KRB5_KTNAME=/etc/openldap/krb5.keytab SASL_MECH GSSAPI SASL_REALM My.SASL.REALM
The configuration is working but for the symas-packages the files must be in /opt/symas/etc/sasl2 and /opt/symas/etc.
But now the ldap server is GSSAPI missing: ---------- root@ldap01:~# ldapwhoami SASL/GSSAPI authentication started ldap_sasl_interactive_bind: Authentication method not supported (7) additional info: SASL(-4): no mechanism available: Couldn't find mech GSSAPI --------- The package "libsasl2-modules-gssapi-mit", "libgssapi-krb5-2" and "symas-cyrus-sasl-lib" are installed but: --------- root@ldap01:~# ldapsearch -x -H ldapi:/// -b "" -LLL -s base -supportedSASLMechanisms dn: supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: CRAM-MD5 ---------
Is not showing GSSAPI as valid mechanism. As I said, it's the first time I try the symas-packages with kerberos: Do I miss something else?
If I do the same on Debian10 with the Debian OpenLDAP-packages I get: --------------- root@provider-stat:~# ldapsearch -x -H ldapi:/// -b "" -LLL -s base supportedSASLMechanisms dn: supportedSASLMechanisms: GS2-IAKERB supportedSASLMechanisms: GS2-KRB5 supportedSASLMechanisms: SCRAM-SHA-1 supportedSASLMechanisms: SCRAM-SHA-256 supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: NTLM supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: LOGIN supportedSASLMechanisms: PLAIN ---------------
Stefan