On 30/06/10 18:43 +0200, Michael Ströder wrote:
Dan White wrote:
On 23/06/10 10:27 -0300, Diego Lima wrote:
I'm trying to set up openldap to authenticate using my kerberos service, but I'm not having success so far.
The userPassword value translates to {SASL}diego.lima@USERS
IMO that's not needed for SASL/GSSAPI.
When doing a SASL bind, you should specify the same username that you are authentication with, for saslauthd. Use a '-U diego.lima@USERS' instead of a -D option:
ldapwhoami -U diego.lima@USERS
He would also have to specify -Y GSSAPI. And off course slapd has to be kerberized first to make this work.
Presumably he is doing plaintext authentication to slapd rather than gssapi, and having saslauthd validate the username and password against a kerberos5 server.