Hi Members,
I am trying to get SASL Proxy Authorization to work. GSSAPI authentication is already in place:

++++++++++++
SASL/GSSAPI authentication started
SASL username: admin@LINUXMANTRA.LOCAL
SASL SSF: 56
SASL data security layer installed.
dn:uid=admin,cn=gssapi,cn=auth
++++++++++++++++++++++++++

But the following command is giving an error:

ldapsearch -d 1 -Y GSSAPI -X "uid=vishesh,dc=linuxmantra,dc=local" -b"dc=linuxmantra,dc=local" -s base

I already mentioned "authzTo: dn:uid=vishesh,dc=linuxmantra,dc=local" for admin DN.
Thanks in advance for your help.

On 06/25/13 18:04 +0530, Vishesh kumar wrote:
> Hi Members,
> I am trying to get SASL Proxy Authorization in work. GSSAPI authentication is already in place
> ++++++++++++
> SASL/GSSAPI authentication started
> SASL username: admin@LINUXMANTRA.LOCAL
> SASL SSF: 56
> SASL data security layer installed.
> dn:uid=admin,cn=gssapi,cn=auth
> ++++++++++++++++++++++++++

Do you actually have an entry of uid=admin,cn=gssapi,cn=auth in your tree? If not, it should map to an actual entry (with authz-regexp), if you are using authzTo for proxy auth.

> But following command giving error
> ldapsearch -d 1 -Y GSSAPI -X "uid=vishesh,dc=linuxmantra,dc=local" -b"dc=linuxmantra,dc=local" -s base

Your -X option should be "dn:uid=vishesh,dc=linuxmantra,dc=local". See the manpage for ldapsearch, and chapter 15 of the Admin Guide on the website.

> I already mentioned "authzTo: dn:uid=vishesh,dc=linuxmantra,dc=local" for admin DN.

I was able to resolve it. Thanks for the info.

On Tue, Jun 25, 2013 at 7:49 PM, Dan White dwhite@olp.net wrote:
> On 06/25/13 18:04 +0530, Vishesh kumar wrote:
> > Hi Members,
> > I am trying to get SASL Proxy Authorization in work. GSSAPI authentication is already in place
> > ++++++++++++
> > SASL/GSSAPI authentication started
> > SASL username: admin@LINUXMANTRA.LOCAL
> > SASL SSF: 56
> > SASL data security layer installed.
> > dn:uid=admin,cn=gssapi,cn=auth
> > ++++++++++++++++++++++++++
>
> Do you actually have an entry of uid=admin,cn=gssapi,cn=auth in your tree? If not, it should map to an actual entry (with authz-regexp), if you are using authzTo for proxy auth.
>
> > But following command giving error
> > ldapsearch -d 1 -Y GSSAPI -X "uid=vishesh,dc=linuxmantra,dc=local" -b"dc=linuxmantra,dc=local" -s base
>
> Your -X option should be "dn:uid=vishesh,dc=linuxmantra,dc=local". See the manpage for ldapsearch, and chapter 15 of the Admin Guide on the website.
>
> > I already mentioned "authzTo: dn:uid=vishesh,dc=linuxmantra,dc=local" for admin DN.
>
> -- Dan White

openldap-technical@openldap.org
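
The two corrections from the reply in this thread, written out as an added slapd.conf sketch (not configuration posted by either participant). It assumes the admin entry lives at uid=admin,dc=linuxmantra,dc=local, which the thread does not state.

```conf
# slapd.conf, global section (added example).
# ASSUMPTION: user entries, including admin, sit directly under
# dc=linuxmantra,dc=local as uid=<name>,dc=linuxmantra,dc=local.

# Evaluate authzTo rules stored on the authenticated user's entry.
# The default policy is "none", which ignores authzTo entirely.
authz-policy to

# The GSSAPI bind in the thread yields the SASL identity
#   uid=admin,cn=gssapi,cn=auth
# which is not an entry in the tree, so it carries no authzTo.
# Map it onto the real entry where authzTo is stored.
authz-regexp
    uid=([^,]+),cn=gssapi,cn=auth
    uid=$1,dc=linuxmantra,dc=local

# Rule on the mapped entry, shown in LDIF form for reference
# (the value is the one quoted in the thread, the dn: line is assumed):
#   dn: uid=admin,dc=linuxmantra,dc=local
#   authzTo: dn:uid=vishesh,dc=linuxmantra,dc=local

# Client side: the authorization identity passed with -X must carry
# a type prefix ("dn:" for a DN, "u:" for a user name).
#   rejected: -X "uid=vishesh,dc=linuxmantra,dc=local"
#   accepted: -X "dn:uid=vishesh,dc=linuxmantra,dc=local"
#
# Check which identity the session ends up with:
#   ldapwhoami -Y GSSAPI -X "dn:uid=vishesh,dc=linuxmantra,dc=local"
```

Because authzTo lets an entry name the identities it may act as, write access to that attribute should be limited by ACL to privileged identities only.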