On 22/12/10 11:00 +0100, Jörg Herzinger wrote:
Hi, I've been running openLDAP with GSSAPI authentication for quite a while now and everything has been running quite fine. The last days I tried enabling SASL password auth as described in [1] Now password authentication works fine, but it seems that GSS somehow has been disabled:
root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms dn:
While without SASL enabled I get:
root@ldap1 ~ # ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms dn: supportedSASLMechanisms: GSSAPI
Is it possible to enable both, GSS and SASL pass through auth? I checked the dokumentation and couldn't find a clue if it is or not.
openLDAP version is 2.4.11 on Debian Lenny, Kerberos is MIT version 1.6 also on Lenny. Slapd config can be found here [2]
If you've strictly followed the pass-through section of the admin guide, you may have ran into a problem with this example sasl configuration:
mech_list: plain pwcheck_method: saslauthd saslauthd_path: /var/run/sasl2/mux
If that's what you've used, you should either comment out the mech_list line or add 'gssapi' to it.
If that's not the case, can you post your sasl slapd.conf? Are there any other changes involved in your configuration, other than modifying the userPassword attribute in your user entries?