ldapsearch with debugging enabled and see what it's doing :- 


[EMAIL PROTECTED] tools]# ./ldapsearch -Y GSSAPI  -d  1
ldap_create
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=localhost.localdomain
ldap_perror
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy mechs found

It seems that the LDAP server does not have GSSAPI available.

So how can we add GSSAPI support in the LDAP server to make it work?

Thanks,
Sanjay

 ----- Original Message ----
From: Buchan Milne <[EMAIL PROTECTED]>
To: [email protected]
Cc: sanjay gupta <[EMAIL PROTECTED]>
Sent: Monday, January 7, 2008 1:29:22 PM
Subject: Re: LDAP Client & Server with Kerberos


On Friday 04 January 2008 16:46:40 sanjay gupta wrote:
> Hello,
>
> I have done default compilation for openldap-2.3.38 now trying to run ldap
> client (ldapsearch) with Kerberos so that ldap client can use session
> ticket to perform the LDAP lookup on LDAP server. Please let me know what
> is required to make ldap client work with kerberos.
>
> I did not see any option to compile & build openldap lib with kerberos
> support & when I do ldapsearch with -K option it shows error "ldapsearch:
> not compiled with Kerberos support".

$ ldapsearch 

(specifically no -x flag, as you want SASL).

should be sufficient, assuming all your configuration is correct, you have a
ticket, and the LDAP server has a keytab for ldap/$hostname, where you are
connecting to '$hostname' (in your ldap.conf, or via -h $hostname).

Of course, some logging output from your LDAP server, and the KDCs the LDAP
server and LDAP clients are configured to use would help.

> Please suggest me the right way to do ldapsearch with kerberos support or
> what client & server command line option required to run it with kerberos.

Without -x, ldapsearch will use SASL. Additionally, ldapsearch will try and do
the most appropriate thing, with a ticket, if your LDAP server has GSSAPI
available (and advertised as one of the supportedSASLMechanisms).

Regards,
Buchan
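
The supportedSASLMechanisms check mentioned in this thread, as an added example that is not part of either message: a shell helper that reads root DSE LDIF and reports whether GSSAPI is advertised. The function names and both sample replies are constructed for illustration, and the live query in the comment assumes the server allows anonymous reads of its root DSE.

```shell
#!/bin/sh
# Added example (not from the thread): does the server advertise GSSAPI?
# Live input would come from an anonymous simple bind against the root DSE:
#   ldapsearch -x -h $hostname -s base -b "" supportedSASLMechanisms
# (assumption: anonymous reads of the root DSE are permitted).

# Print each advertised SASL mechanism, one per line, from LDIF on stdin.
# LDAP attribute names are case-insensitive, so compare in lower case.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# Exit 0 if mechanism $1 appears in the LDIF on stdin, 1 otherwise.
# -x matches the whole line, so GSS-SPNEGO does not count as GSSAPI.
has_mech() {
    sasl_mechs | grep -qixF -- "$1"
}

# Constructed sample: root DSE reply from a server without GSSAPI.
SAMPLE_NO_GSSAPI='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5'

# Constructed sample: root DSE reply from a server with GSSAPI.
SAMPLE_WITH_GSSAPI='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5'

# Report the result for one LDIF document passed as $1.
check() {
    if printf '%s\n' "$1" | has_mech GSSAPI; then
        echo "GSSAPI advertised"
    else
        echo "GSSAPI not advertised"
    fi
}

check "$SAMPLE_NO_GSSAPI"
check "$SAMPLE_WITH_GSSAPI"
```

This only tests what the server advertises. If GSSAPI is listed and the bind still fails, the client's own SASL library and its GSSAPI plugin are the next thing to check.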






      