Dieter Klünter <dieter(a)dkluenter.de> writes:
On Fri, 20 Dec 2019 20:54:13 +0100,
Stefan Kania <stefan(a)kania-online.de> wrote:
> Hello,
>
> I try to do the authentication in LDAP via Kerberos. The
> Kerberos-Database is in LDAP, no problem, I can login to the system
> as a normal user but when I do a "ldapwhoami" I get the following
> output:
> -----------------
> u1-verw@ldapserver:~$ ldapwhoami
> SASL/GSSAPI authentication started
> SASL username: u1-verw(a)EXAMPLE.NET
> SASL SSF: 256
> SASL data security layer installed.
> dn:uid=u1-verw,cn=gssapi,cn=auth
> -----------------
> I would like to get the original DN from the user not the
> dn:*,cn=gssapi,cn=auth. So I put into my configuration:
> [...]
I face the same problem with OpenIndiana. In my experience it's only
GSSAPI, DIGEST-MD5 and CRAM-MD5 work as expected. But I must admit, it
is only on Solaris, not on Linux.
A few examples from my side:
KDC: raspberrypi, OS Raspbian
host: pink, OS OpenSUSE Tumbleweed
host: indiana, OS OpenIndiana
On Indiana:
/usr/lib/openldap/bin/amd64/ldapwhoami -Ygssapi -H ldap://pink.example.com
SASL/GSSAPI authentication started
SASL username: dieter(a)EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
dn:cn=dieter kluenter,ou=partner,o=avci,c=de
/usr/lib/openldap/bin/amd64/ldapwhoami -Y gssapi -H ldap://indiana.example.com
SASL/GSSAPI authentication started
SASL username: dieter(a)EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
dn:uid=dieter@example,cn=gssapi,cn=auth
On Tumbleweed:
/usr/bin/ldapwhoami -Y gssapi -H ldap://indiana.example.com
SASL/GSSAPI authentication started
SASL username: dieter(a)EXAMPLE.COM
SASL SSF: 256
SASL data security layer installed.
dn:uid=dieter@example.com,cn=gssapi,cn=auth
LDAP-Server is OpenLDAP-2.4.48 on all hosts and OS's
-Dieter
--
Dieter Klünter | Directory Service
http://sys4.de
53°37'09,95"N
10°08'02,42"E
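
The ldapwhoami results in this thread leave three different uid forms under cn=gssapi,cn=auth (bare name, name@example, name@example.com). As an added example that is not part of the original post, this Python sketch approximates how ordered slapd authz-regexp rules would treat those DNs; the two rule sets and the ou=people,dc=example,dc=net target are hypothetical, since the configuration in the thread is elided.

```python
import re

# Authentication DNs exactly as printed by ldapwhoami in this thread.
SASL_DNS = [
    "uid=u1-verw,cn=gssapi,cn=auth",
    "uid=dieter@example,cn=gssapi,cn=auth",
    "uid=dieter@example.com,cn=gssapi,cn=auth",
]

# Hypothetical (match, replace) pairs in authz-regexp style. The rules
# actually used in the thread are not shown there; the target subtree
# ou=people,dc=example,dc=net is a constructed placeholder.
TARGET = "uid=$1,ou=people,dc=example,dc=net"
NARROW = [(r"^uid=([^,@]+),cn=gssapi,cn=auth$", TARGET)]
BROAD = [(r"^uid=([^,@]+)(@[^,]+)?,cn=gssapi,cn=auth$", TARGET)]


def map_sasl_dn(dn, rules):
    """Return the DN produced by the first matching rule, or dn unchanged.

    Approximation of slapd, assumed for this sketch: rules are tried in
    order, the first match wins, matching is case-insensitive, and $1..$9
    in the replacement stand for capture groups. Only plain-DN
    replacements are modelled, not LDAP search URLs.
    """
    for pattern, replacement in rules:
        m = re.match(pattern, dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)",
                          lambda g: m.group(int(g.group(1))) or "",
                          replacement)
    return dn


def unmapped(rules):
    """List the thread's DNs that would remain under cn=gssapi,cn=auth."""
    return [dn for dn in SASL_DNS
            if map_sasl_dn(dn, rules).lower().endswith(",cn=auth")]


if __name__ == "__main__":
    for name, rules in (("narrow", NARROW), ("broad", BROAD)):
        print(name, "leaves unmapped:", unmapped(rules))
```

A rule written against only the bare-name form leaves both realm-qualified forms unmapped, so a mapping has to be checked against the DN each client actually produces.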