SASL + Kerberos + OpenLDAP issue
Xavier Ambrosioni
xavier.ambrosioni at cinema-voiron.fr
Fri Feb 20 05:33:05 EST 2009
Hi,
I'm trying to set up OpenLDAP with SASL and GSSAPI. My server is
running Ubuntu "Hardy Heron" with the following versions:
Cyrus SASL 2.1.22 with gssapi-heimdal module
OpenLDAP 2.4.9
Heimdal KDC 1.0.1
My problem is that when I try to perform an ldapsearch with the GSSAPI
protocol, it fails with the following error message in the slapd log file
(passrlsrv is my server name):
Feb 20 11:06:52 passrlsrv slapd[16983]: conn=122 op=0 BIND dn="" method=163
Feb 20 11:06:52 passrlsrv slapd[16983]: SASL [conn=122] Failure: GSSAPI Error: An unsupported mechanism was requested (unknown mech-code 0 for mech unknown)
Feb 20 11:06:52 passrlsrv slapd[16983]: conn=122 op=0 RESULT tag=97 err=49 text=SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
Feb 20 11:06:52 passrlsrv slapd[16983]: conn=122 fd=25 closed (connection lost)
I added a principal ldap/passrlsrv to my Kerberos DB and exported
this principal to my /etc/krb5.keytab.
My slapd.conf contains the parameters sasl-realm and sasl-host.
Any idea about this problem? Is there something missing in my
configuration?
Thank you in advance for your help
Xavier