SASL [conn=1003] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
Do you mind showing us your slapd configuration, and also your sasl configuration?
My mistake, I was busy at work, and misunderstood. No need for SASL unless you use userPassword: {SASL}user@realm
I've generated keytab file with ldap/my.ldap.host principal and put it in /etc/ldap/ldap.keytab
Is your server configured to have the keytab in /etc/ldap/ldap.keytab? I use mine from /etc/krb5.keytab normally. See below for more
Because I don't use {SASL} password scheme, there is no special SASL configuration. Usage is like this (client):
ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Configuration file does not specify default realm)
What command do you use to generate this error? Do you have a krb5 ticket granted? You can check with klist.
I tried googling the problem, but it didn't help.
http://www.openldap.org/doc/admin24/appendix-common-errors.html
That lists the error you have, but it may not be the correct fix you need.
Look at sections C.2.4 and C.1.21
Hope this helps you, and gets you on the right track.
William Brown
pgp.mit.edu
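
The two questions raised in this thread (the missing default realm and which keytab slapd actually reads) can be checked mechanically on the host that logs the error. The following is an added example, not part of the original message; the sample krb5.conf is constructed, and it assumes MIT Kerberos behaviour: the realm comes from default_realm in [libdefaults], and the keytab is chosen by KRB5_KTNAME, then default_keytab_name, then /etc/krb5.keytab.

```python
import re

# Constructed sample krb5.conf (not from the thread): default_realm is commented out.
BROKEN_CONF = """\
[libdefaults]
    dns_lookup_realm = false
    # default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""
FIXED_CONF = BROKEN_CONF.replace("# default_realm", "default_realm")


def libdefaults(conf_text):
    """Collect key = value pairs from the [libdefaults] section only."""
    section, values = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = value
    return values


def effective_keytab(conf_text, env):
    """Keytab the GSSAPI acceptor will open, in the assumed MIT lookup order."""
    name = (env.get("KRB5_KTNAME")
            or libdefaults(conf_text).get("default_keytab_name")
            or "/etc/krb5.keytab")
    return name[5:] if name.startswith("FILE:") else name


def diagnose(conf_text, env, expected_keytab):
    """Return findings; an empty list means both checks passed."""
    findings = []
    if not libdefaults(conf_text).get("default_realm"):
        findings.append("no default_realm in [libdefaults]")
    used = effective_keytab(conf_text, env)
    if used != expected_keytab:
        findings.append(f"slapd would read {used}, not {expected_keytab}")
    return findings
```

On a real host, pass the contents of /etc/krb5.conf and the environment slapd is started with (for example `dict(os.environ)` from its init script context) instead of the constructed samples.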