I have set up openldap+sasl+kerberos. It is working but the Kerberos realm is not set in the bind dn, why?
Here is my session:
sioux@gustav$ ldapsearch -Y GSSAPI -b "" -s base -LLL supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL username: sioux@UFV.BR
SASL SSF: 56
SASL data security layer installed.
dn:
supportedSASLMechanisms: OTP
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
sioux@gustav$
Here is what I got from slapd err output:
... ... ...
do_bind: dn () SASL mech GSSAPI
slap_sasl_getdn: u:id converted to uid=sioux,cn=GSSAPI,cn=auth
dnNormalize: <uid=sioux,cn=GSSAPI,cn=auth>
<<< dnNormalize: <uid=sioux,cn=gssapi,cn=auth>
==>slap_sasl2dn: converting SASL name uid=sioux,cn=gssapi,cn=auth to a DN
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Authorize [conn=1001]: proxy authorization allowed authzDN=""
send_ldap_sasl: err=0 len=-1
do_bind: SASL/GSSAPI bind: dn="uid=sioux,cn=gssapi,cn=auth" sasl_ssf=56
send_ldap_response: msgid=3 tag=97 err=0
ber_flush2: 14 bytes to sd 13
... ... ...
Any idea about what is going on?
--On Tuesday, June 28, 2011 4:36 PM -0300 Friedrich Locke friedrich.locke@gmail.com wrote:
I have set up openldap+sasl+kerberos. It is working but the Kerberos realm is not set in the bind dn, why?
==>slap_sasl2dn: converting SASL name uid=sioux,cn=gssapi,cn=auth to a DN
<==slap_sasl2dn: Converted SASL name to <nothing>
Again, take time to read the man pages. If you do, you will see the following parameter:
sasl-realm <realm>
    Specify SASL realm. Default is empty.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
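
An added example, not part of the thread and not OpenLDAP code: a small Python model of how authz-regexp rules would rewrite the authentication DNs seen in the slapd log, for checking candidate rules offline against both the realm-less and the realm-qualified form. The suffix dc=ufv,dc=br, the ou=people container, and the use of Python's re module in place of slapd's own regex matching are assumptions.

```python
import re

# Constructed rules in slapd.conf "authz-regexp <match> <replace>" form.
# ou=people,dc=ufv,dc=br is an assumed suffix, not taken from the thread.
RULES = [
    # Realm-qualified form: uid=<user>,cn=<realm>,cn=gssapi,cn=auth
    (r"^uid=([^,/]+),cn=ufv\.br,cn=gssapi,cn=auth$",
     "uid=$1,ou=people,dc=ufv,dc=br"),
    # Realm-less form, the one that appears in the slapd log above
    (r"^uid=([^,/]+),cn=gssapi,cn=auth$",
     "uid=$1,ou=people,dc=ufv,dc=br"),
]


def sasl_authn_dn(user, mech, realm=None):
    """Build the cn=auth pseudo-DN for a SASL identity.

    The cn values are lower-cased, as the dnNormalize lines in the log
    show for cn=GSSAPI -> cn=gssapi.
    """
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm.lower())
    parts += ["cn=" + mech.lower(), "cn=auth"]
    return ",".join(parts)


def map_authn_dn(authn_dn, rules=RULES):
    """Return the DN produced by the first matching rule, or None.

    None models the log line 'Converted SASL name to <nothing>', after
    which the bind DN stays the cn=auth pseudo-DN.
    """
    for pattern, replace in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            # Expand $1..$9 in the replace string with the captured groups.
            return re.sub(r"\$(\d)",
                          lambda g: m.group(int(g.group(1))), replace)
    return None


if __name__ == "__main__":
    for realm in (None, "UFV.BR", "OTHER.EXAMPLE"):  # constructed inputs
        dn = sasl_authn_dn("sioux", "GSSAPI", realm)
        print(dn, "->", map_authn_dn(dn))
```

Anchoring each pattern and naming the realm explicitly keeps an identity from an unexpected realm, or a principal with an instance component such as sioux/admin, from being mapped onto a local entry.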