ldap_sasl_interactive_bind_s: Local error (-2) for SASL/GSS-SPNEGO

Fri, 28 Feb 2020 09:23:41 -0800 

Hi ,

I have installed openldap but I am getting the following error while executing 
some basic command using SASL/GSS-SPNEGO authentication
Where as SASL/EXTERNAL authentication working perfectly.

[root@dtgldap103 LdapCfg]# ldapsearch
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified 
GSS failure.  Minor code may provide more information (SPNEGO cannot find 
mechanisms to negotiate)

[root@dtgldap103 LdapCfg]# ldapwhoami
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified 
GSS failure.  Minor code may provide more information (SPNEGO cannot find 
mechanisms to negotiate)

[root@dtgldap103 LdapCfg]# ldapsearch -LLL -s base  -b '' '(objectClass=*)' +
SASL/GSS-SPNEGO authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified 
GSS failure.  Minor code may provide more information (SPNEGO cannot find 
mechanisms to negotiate)

[root@dtgldap103 LdapCfg]# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config 
olcDatabase=config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope subtree
# filter: olcDatabase=config
# requesting: ALL
#

# {0}config, config
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" manage by * none

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

 [root@dtgldap103 openldap]# rpm -qa | grep ldap
sssd-ldap-1.15.2-50.el7_4.2.x86_64
openldap-clients-2.4.44-5.el7.x86_64
openldap-servers-sql-2.4.44-5.el7.x86_64
openldap-servers-2.4.44-5.el7.x86_64
compat-openldap-2.3.43-5.el7.x86_64
openldap-devel-2.4.44-5.el7.x86_64
openldap-2.4.44-5.el7.x86_64
nss-pam-ldapd-0.8.13-8.0.1.el7.x86_64

Please help me how can I get out of this issue ?
I am not able to proceed further for our openldap project without that.

Please let me know if you need any more details.

Thanks & Regards
 
 <http://www.proquest.com/>
Debashis Chaki
ProQuest | The Quorum, Barnwell Road | Cambridge | CB5 8SW | UK
[email protected]  tel: +44 (0)1223 271257
Better research. Better learning. Better insights.

Reply via email to