On Friday 04 January 2008 16:46:40 sanjay gupta wrote:
> Hello,
>
> I have done default compilation for openldap-2.3.38 now trying to run ldap
> client (ldapsearch) with Kerberos so that ldap client can use session
> ticket to perform the LDAP lookup on LDAP server. Please let me know what is
> required to make ldap client work with kerberos.
>
> I did not see any option to compile & build openldap lib with kerberos
> support & when I do ldapsearch with -K option it shows error "ldapsearch:
> not compiled with Kerberos support".

$ ldapsearch
(specifically no -x flag, as you want SASL).

should be sufficient, assuming all your configuration is correct, you have a ticket, and the LDAP server has a keytab for ldap/$hostname, where you are connecting to '$hostname' (in your ldap.conf, or via -h $hostname).

Of course, some logging output from your LDAP server, and the KDCs the LDAP server and LDAP clients are configured to use would help.

> Please suggest me the right way to do ldapsearch with kerberos support or
> what client & server command line option required to run it with kerberos.

Without -x, ldapsearch will use SASL. Additionally, ldapsearch will try and do the most appropriate thing, with a ticket, if your LDAP server has GSSAPI available (and advertised as one of the supportedSASLMechanisms).

Regards,
Buchan
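
The conditions listed in the reply above (a valid ticket, GSSAPI advertised in supportedSASLMechanisms, a keytab entry for ldap/$hostname) can be checked before the bind. This is an added example, not part of the original message; it assumes the OpenLDAP client tools and MIT Kerberos `klist`, and the function names, sample root DSE and the hostname ldap.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for a GSSAPI (Kerberos) bind with ldapsearch.
# Assumes OpenLDAP client tools and MIT Kerberos klist; all names are illustrative.

# Constructed sample of a root DSE reply, used for the offline demonstration.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: CRAM-MD5'

# Print the SASL mechanisms found in root DSE LDIF on stdin, one per line.
# Attribute names are case-insensitive, so compare in lower case.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# Succeed only if GSSAPI itself is advertised (GSS-SPNEGO alone does not count).
advertises_gssapi() {
    sasl_mechs | grep -qx 'GSSAPI'
}

# Service principal the server keytab must hold for the name the client uses.
service_principal() {
    printf 'ldap/%s\n' "$1"
}

# Live checks: ticket present, GSSAPI advertised, then the SASL bind itself.
preflight() {
    host=$1
    klist -s || { echo "no valid Kerberos ticket; run kinit first" >&2; return 1; }
    # The root DSE is read anonymously (-x); the real search below omits -x.
    ldapsearch -x -LLL -H "ldap://$host" -b '' -s base supportedSASLMechanisms |
        advertises_gssapi || { echo "$host does not advertise GSSAPI" >&2; return 2; }
    echo "server keytab must contain $(service_principal "$host")" >&2
    ldapsearch -Y GSSAPI -H "ldap://$host" -b '' -s base
}

# With a hostname argument run the live checks; otherwise demo on the sample.
if [ -n "${1:-}" ]; then
    preflight "$1"
else
    printf '%s\n' "$SAMPLE_ROOTDSE" | advertises_gssapi &&
        echo "sample root DSE advertises GSSAPI"
fi
```

If the bind still fails after these checks pass, compare the principal printed by `service_principal` with the entries in the server's keytab and with the hostname the client actually resolves.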
