Hi Clément,
yep, I know that and it works. But the problem is that this is the only client where I get this behaviour with ldapsearch and I'd like to understand why.
The real problem behind this is that I saw that, to have user authentication over ldap working, I have to DEACTIVATE TLS for ldap queries: even for a very internal machine, I really don't want to leave the configuration like that.
Here is what makes it work:
nsswitch.conf:
    passwd: files ldap
/etc/ldap.conf:
    ...
    #ssl start_tls
    #tls_cacertdir /etc/openldap/cacerts
    ...
I can't leave things like this.
--- Olivier
2015-10-22 18:09 GMT+02:00 Clément OUDOT <clement.oudot@savoirfairelinux.com>:
On 22/10/2015 17:59, Olivier wrote:
Hello everyone,
authentication over ldap doesn't work on one of my linux box. Trying to query the ldap server from this machine with ldapsearch, I get this:
    $ ldapsearch -ZZZ -h ldap1.example:389 -D uid=olivier,dc=example,dc=fr -b dc=example,dc=fr -W
    Enter LDAP Password:
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
Do you know why ldapsearch tries to authenticate using GSSAPI ?
I don't use such a mechanism (nor kerberos) and I don't remember that I configured any such thing.
Any idea to deactivate the attempt to use GSSAPI to authenticate?
(note: the ldap client is a linux redhat5)
Hi Olivier,
use -x for simple authentication.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux