Public bug reported:
Binary package hint: slapd
I'm setting up a ldap server allowing gssapi (kerberos) authentication,
and it looks like the slapd daemon does not work properly. I've tried
with both sasl-gssapi flavours (MIT & heimdal), and both fail when the
slapd is running on the ubuntu (hardy) box, but works properly when the
slapd is on a debian (etch) box.
The behaviour (described below) is the same when I supply the proper
KRB5_KTNAME on /etc/default/slapd and when no keytab is supplied there,
so it looks like the environment variable is not honoured.
When using the Heimdal-GSSAPI library, I get
ldap_sasl_interactive_bind_s: Invalid credentials (49)
MIT-GSSAPI library gives
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
and on the credential cache I see two ticket for a ldap principal one with the
realm and another one that looks like realm-less.
There is also a quite probably related syslog message (selinux disabled, keytab
owned by openldap user):
kernel: [ 783.797967] audit(1210511590.180:11): type=1503
operation="inode_permission" requested_mask="::a" denied_mask="::a"
name="/dev/tty" pid=7408 profile="/usr/sbin/slapd" namespace="default"
** Affects: openldap2.2 (Ubuntu)
Importance: Undecided
Status: New
--
slapd gssapi failure
https://bugs.launchpad.net/bugs/229252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
