On 05/30/2013 09:01 AM, Bernardo Pastorelli wrote:
> I create two LDAP sessions; in one of them I perform a bind for
> Administrator, in the other one I perform a bind for user1. In the kerberos
> cache (type DIR) I see a tgt and an ldap ticket for both Administrator and
> user1.
>
> Then, using the Administrator's LDAP session, I try searching the Active
> Directory. This operation fails.
> In the kerberos trace I see that the cache selection logic simply searches
> all the entries in the cache for a valid connection to the LDAP server [...]

If you're using an existing LDAP session, I don't think there should be
any ccache operations at all, because you shouldn't be creating a new
security context. Can you look more closely at this code path, paying
particular attention to any logic resulting in calls to
gss_acquire_cred or gss_init_sec_context?

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
