Hi,
I have installed OpenLDAP but I am getting the following error while executing some basic commands using SASL/GSS-SPNEGO authentication, whereas SASL/EXTERNAL authentication is working perfectly.
    [root@dtgldap103 LdapCfg]# ldapsearch
    SASL/GSS-SPNEGO authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
            additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

    [root@dtgldap103 LdapCfg]# ldapwhoami
    SASL/GSS-SPNEGO authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
            additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

    [root@dtgldap103 LdapCfg]# ldapsearch -LLL -s base -b '' '(objectClass=*)' +
    SASL/GSS-SPNEGO authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
            additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)

    [root@dtgldap103 LdapCfg]# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=config
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    # extended LDIF
    #
    # LDAPv3
    # base <cn=config> with scope subtree
    # filter: olcDatabase=config
    # requesting: ALL
    #

    # {0}config, config
    dn: olcDatabase={0}config,cn=config
    objectClass: olcDatabaseConfig
    olcDatabase: {0}config
    olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
     ,cn=auth" manage by * none

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    [root@dtgldap103 openldap]# rpm -qa | grep ldap
    sssd-ldap-1.15.2-50.el7_4.2.x86_64
    openldap-clients-2.4.44-5.el7.x86_64
    openldap-servers-sql-2.4.44-5.el7.x86_64
    openldap-servers-2.4.44-5.el7.x86_64
    compat-openldap-2.3.43-5.el7.x86_64
    openldap-devel-2.4.44-5.el7.x86_64
    openldap-2.4.44-5.el7.x86_64
    nss-pam-ldapd-0.8.13-8.0.1.el7.x86_64
Please help me how can I get out of this issue? I am not able to proceed further with our OpenLDAP project without that.
Please let me know if you need any more details.
Thanks & Regards
http://www.proquest.com/ Debashis Chaki ProQuest | The Quorum, Barnwell Road | Cambridge | CB5 8SW | UK debashis.chaki@proquest.com tel: +44 (0)1223 271257 Better research. Better learning. Better insights.
--On Friday, February 28, 2020 2:26 PM +0000 Debashis Chaki Debashis.Chaki@proquest.com wrote:
> Hi,
>
> I have installed OpenLDAP but I am getting the following error while
> executing some basic commands using SASL/GSS-SPNEGO authentication, whereas
> SASL/EXTERNAL authentication is working perfectly.
Have you configured slapd for use with Kerberos?
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
No, I have not configured slapd to use Kerberos.
Here is the output of /var/sysconfig/slapd
    [root@dtgldap103 etc]# cat /var/sysconfig/slapd
    cat: /var/sysconfig/slapd: No such file or directory
    [root@dtgldap103 etc]# cat /etc/sysconfig/slapd
    # OpenLDAP server configuration
    # see 'man slapd' for additional information

    # Where the server will run (-h option)
    # - ldapi:/// is required for on-the-fly configuration using client tools
    #   (use SASL with EXTERNAL mechanism for authentication)
    # - default: ldapi:/// ldap:///
    # - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
    SLAPD_URLS="ldapi:/// ldap:///"

    # Any custom options
    #SLAPD_OPTIONS=""

    # Keytab location for GSSAPI Kerberos authentication
    #KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
Thanks & Regards
Debashis Chaki
--On Monday, March 2, 2020 1:18 PM +0000 Debashis Chaki Debashis.Chaki@proquest.com wrote:
> No I have not configured slapd to use Kerberos.
GSS-SPNEGO requires Kerberos. I suggest setting up your systems accordingly.
Regards, Quanah
openldap-technical@openldap.org
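
An added example, not part of the thread and not OpenLDAP project code: run without -Y or -x, the client tools attempt a SASL bind and take the mechanism from those the server lists in supportedSASLMechanisms, which is how GSS-SPNEGO was selected on a host with no Kerberos setup. The sketch below chooses explicit bind flags from the advertised mechanisms and the Kerberos ticket state; the function names, the preference order and the sample root DSE are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick a bind the client can actually complete.

# Read root DSE LDIF on stdin, print one advertised SASL mechanism per line.
advertised_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# has_mech "LIST" NAME: succeed if NAME is in the whitespace-separated LIST.
has_mech() {
    for m in $1; do
        if [ "$m" = "$2" ]; then return 0; fi
    done
    return 1
}

# choose_bind URI TICKET(yes|no) "MECHS": print the ldapsearch auth flags to use.
# The preference order is this example's choice, not OpenLDAP's.
choose_bind() {
    uri=$1; ticket=$2; mechs=$3
    if [ "$ticket" = yes ]; then
        # Kerberos mechanisms only make sense with a valid ticket cache.
        for k in GSSAPI GSS-SPNEGO; do
            if has_mech "$mechs" "$k"; then echo "-Y $k"; return 0; fi
        done
    fi
    case $uri in
        ldapi://*)  # peer credentials over the local socket, as in the thread
            if has_mech "$mechs" EXTERNAL; then echo "-Y EXTERNAL"; return 0; fi ;;
    esac
    echo "-x"  # simple bind; pair with -D/-W over TLS when not anonymous
}

# Constructed sample of a root DSE reply to:
#   ldapsearch -x -LLL -H ldapi:/// -s base -b '' supportedSASLMechanisms
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: EXTERNAL'

sample_mechs() {
    printf '%s\n' "$SAMPLE_ROOTDSE" | advertised_mechs | tr '\n' ' '
}

# On a live host, derive TICKET from `klist -s` (exit 0 = valid ticket cache).
choose_bind ldapi:/// no "$(sample_mechs)"   # no ticket, local socket
```

Setting SASL_MECH in ldap.conf or passing -Y on the command line pins the mechanism so the client does not negotiate one it cannot complete.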