Public bug reported: Binary package hint: slapd
I'm setting up a ldap server allowing gssapi (kerberos) authentication, and it looks like the slapd daemon does not work properly. I've tried with both sasl-gssapi flavours (MIT & heimdal), and both fail when the slapd is running on the ubuntu (hardy) box, but works properly when the slapd is on a debian (etch) box. The behaviour (described below) is the same when I supply the proper KRB5_KTNAME on /etc/default/slapd and when no keytab is supplied there, so it looks like the environment variable is not honoured. When using the Heimdal-GSSAPI library, I get ldap_sasl_interactive_bind_s: Invalid credentials (49) MIT-GSSAPI library gives ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80) and on the credential cache I see two ticket for a ldap principal one with the realm and another one that looks like realm-less. There is also a quite probably related syslog message (selinux disabled, keytab owned by openldap user): kernel: [ 783.797967] audit(1210511590.180:11): type=1503 operation="inode_permission" requested_mask="::a" denied_mask="::a" name="/dev/tty" pid=7408 profile="/usr/sbin/slapd" namespace="default" ** Affects: openldap2.2 (Ubuntu) Importance: Undecided Status: New -- slapd gssapi failure https://bugs.launchpad.net/bugs/229252 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs