SASL + Kerberos + OpenLDAP issue

Xavier Ambrosioni xavier.ambrosioni at cinema-voiron.fr
Fri Feb 20 05:33:05 EST 2009


Hi,

I'm trying to set up OpenLDAP with SASL and GSSAPI. My server is
running Ubuntu "Hardy Heron" with the following versions:
   Cyrus SASL 2.1.22 with gssapi-heimdal module
   OpenLDAP 2.4.9
   Heimdal KDC 1.0.1

My problem is that when I try to perform an ldapsearch with the GSSAPI
protocol, it fails with the following error message in the slapd log file
(passrlsrv is my server name):

Feb 20 11:06:52 passrlsrv slapd[16983]: conn=122 op=0 BIND dn="" method=163
Feb 20 11:06:52 passrlsrv slapd[16983]: SASL [conn=122] Failure: GSSAPI Error:  An unsupported mechanism was requested (unknown mech-code 0 for mech unknown)
Feb 20 11:06:52 passrlsrv slapd[16983]: conn=122 op=0 RESULT tag=97 err=49 text=SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
Feb 20 11:06:52 passrlsrv slapd[16983]: conn=122 fd=25 closed (connection lost)


I added a principal ldap/passrlsrv into my Kerberos DB and exported
this principal to my /etc/krb5.keytab.
My slapd.conf contains the parameters sasl-realm and sasl-host.

Any idea about this problem? Is there something missing in my
configuration?

Thank you in advance for your help
Xavier



More information about the Cyrus-sasl mailing list