Re: OpenLDAP / SASL / Heimdal
On Monday, 7 June 2004 14:29, sam wrote:
> Andreas Haupt wrote:
> >blh@dice:~> ldapsearch -x -H ldap://dice.hmi.de/ -b "" -s base -LLL
> >supportedSASLMechanisms
> >dn:
> >supportedSASLMechanisms: GSSAPI
> >
> >blh@dice:~> ldapwhoami -H ldap://dice.hmi.de/ -D
> > "cn=dice,dc=hmi,dc=de" -Y GSSAPI
> >SASL/GSSAPI authentication started
> >ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > additional info: SASL(-13): authentication failure: GSSAPI
> >Failure: gss_accept_sec_context
> >blh@dice:~> klist
> >Credentials cache: FILE:/tmp/krb5cc_10296
> > Principal: blh@HMI.DE
> >
> > Issued Expires Principal
> >Jun 7 13:07:21 Jun 8 14:07:21 krbtgt/HMI.DE@HMI.DE
> >Jun 7 13:32:38 Jun 8 14:07:21 ldap/dice.hmi.de@HMI.DE
> >blh@dice:~>
> >
> >So I got a ticket. The rest is hopefully not complicated...
> >
> >Greetings
> >Andreas
>
> Can you test whether user blh can log in to blh itself first? Like this:
> blh$ telnet -ax -l blh dice.hmi.de
Yes, GSSAPI already works fine together with OpenSSH 3.8p1.
> ==== cut this to your file as rootdn.ldif ==========
> dn: dc=dice,dc=hmi,dc=de
> objectClass: dcObject
> objectClass: organization
> dc: dice
> o: My Play Ground
> description: My Play Ground LDAP Database
>
> # Administrative user for SoM Ldap database
> dn: cn=root,dc=dice,dc=hmi,dc=de
> objectClass: organizationalRole
> cn: root
> description: SuperUser for Ldap Services
> ============end of rootdn.ldif==================
I only have:

dn: dc=hmi,dc=de
dc: hmi
objectClass: top
objectClass: dcObject
objectClass: organization
o: Hahn-Meitner-Institut
description: Hahn-Meitner-Institut

# Administrative user for SoM Ldap database
dn: cn=Manager,dc=hmi,dc=de
objectClass: organizationalRole
cn: Manager
description: SuperUser for Ldap Services

Do I need root?
> In your DNS setup, make sure dice is the official host name, not a CNAME.
Yes, that's OK.
Thanks
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@hmi.de
| Hahn-Meitner-Institut (DN) | WWW:
| Glienicker Straße 100 | Phone: +49/30/8062-2597
| 14109 Berlin | Fax: +49/30/8062-2096