Dear list member,
i am trying to retrieve data from a openldap server. When i issue ldapsearch from local machine itself, every thing works ok, but when i try from a remote host, i got problems related to GSSAPI authentication.
Here you have:
sioux@gustav$ ldapsearch -D cn=ypldap,ou=appsrv,dc=ufv,dc=br -b uid=vlobo,ou=people,dc=ufv,dc=br -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base <uid=vlobo,ou=people,dc=ufv,dc=br> with scope subtree # filter: (objectclass=*) # requesting: ALL #
# vlobo, people, ufv.br dn: uid=vlobo,ou=people,dc=ufv,dc=br uid: vlobo objectClass: organizationalRole objectClass: posixAccount objectClass: qmailUser cn: Valter Lobo uidNumber: 2001 gidNumber: 2000 homeDirectory: /home/vlobo loginShell: /bin/sh gecos: Valter Lobo,,,
# search result search: 2 result: 0 Success
# numResponses: 2 # numEntries: 1 sioux@gustav$
############################################################################
But when i try from a remote host (the same command line with -h option, of course):
sioux@lion$ ldapsearch -D cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -h gustav.cpd.ufv.br -W Enter LDAP Password: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_1000): No such file or directory) sioux@lion$
What is it my mistaken ?
Thanks in advance.
On 01/12/13 18:21 -0200, Friedrich Locke wrote:
Dear list member,
i am trying to retrieve data from a openldap server. When i issue ldapsearch from local machine itself, every thing works ok, but when i try from a remote host, i got problems related to GSSAPI authentication.
sioux@lion$ ldapsearch -D cn=ypldap,ou=appsrv,dc=ufv,dc=br -b ou=people,dc=ufv,dc=br -h gustav.cpd.ufv.br -W Enter LDAP Password: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_1000): No such file or directory) sioux@lion$
You forgot to include a -x option, which indicates that you want to do a non-sasl bind.
openldap-technical@openldap.org