Re: OpenLDAP / SASL / Heimdal
On Monday, 7 June 2004 14:58, sam wrote:
> Andreas Haupt wrote:
> In your slapd.conf file, make sure there are entries like this:
> # -----------sample-------------------
> TLSCACertificateFile /opt/secure/myCA/cacert.pem
> TLSCACertificatePath /opt/secure/myCA/certs
> TLSCertificateFile /opt/secure/myCA/certs/ldap/ldapsignedreq.pem
> TLSCertificateKeyFile /opt/secure/myCA/certs/ldap/ldapkey.pem
> TLSVerifyClient allow
> TLSRandFile /dev/urandom
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> database bdb
> suffix "dc=hmi,dc=de"
> #sasl-realm XYZ.COM
> #sasl-host fbsd.xyz.com
> #sasl-realm XYZ.COM
> sasl-regexp
>     uid=Manager,cn=dice.hmi.de,cn=gssapi,cn=auth
>     uid=Manager,dc=dice,dc=hmi,dc=de
> directory /var/db/openldap-data
> loglevel 256
Thanks, that pointed me in the right direction. I had sasl-host set to my
Kerberos server. But that's different from the LDAP server... I have now
corrected it and it works!
blh@dice:~> ldapwhoami -H ldap://dice.hmi.de/ -D "cn=dice,dc=hmi,dc=de" -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: blh@HMI.DE
SASL SSF: 56
SASL installing layers
dn:uid=blh,cn=hmi.de,cn=gssapi,cn=auth
blh@dice:~>
Thank you very much!
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@hmi.de
| Hahn-Meitner-Institut (DN) | WWW:
| Glienicker Straße 100 | Phone: +49/30/8062-2597
| 14109 Berlin | Fax: +49/30/8062-2096
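
Added example, not part of the original message and not OpenLDAP's own code: a small Python model of how a sasl-regexp rule rewrites the SASL authentication DN, showing why ldapwhoami above still reports the cn=auth form for blh while a DN that matches the quoted rule maps to the directory entry. GENERIC_RULE and map_authn_dn are hypothetical names, and the capture-group rule goes beyond the single literal mapping quoted in the thread.

```python
import re

# The sasl-regexp pair from the quoted slapd.conf sample: (match, replacement).
PAGE_RULE = (
    "uid=Manager,cn=dice.hmi.de,cn=gssapi,cn=auth",
    "uid=Manager,dc=dice,dc=hmi,dc=de",
)
# Hypothetical generic rule, not from the thread: any user in realm hmi.de.
# Anchored and with dots escaped so that only this exact DN shape matches.
GENERIC_RULE = (
    r"^uid=([^,]+),cn=hmi\.de,cn=gssapi,cn=auth$",
    "uid=$1,dc=hmi,dc=de",
)


def map_authn_dn(authn_dn, rules):
    """Simplified model of sasl-regexp: the first matching rule wins.

    Only plain DN replacements are modelled (no LDAP-URL searches). Python's
    re stands in for slapd's regex engine; case-insensitive matching is an
    assumption of this model.
    """
    for pattern, replacement in rules:
        match = re.search(pattern, authn_dn, re.IGNORECASE)
        if match is None:
            continue
        # The result is the whole replacement string with $0..$9 expanded.
        return re.sub(r"\$(\d)", lambda g: match.group(int(g.group(1))), replacement)
    # No rule matched: the identity stays in its cn=auth form.
    return authn_dn


if __name__ == "__main__":
    # DN printed by ldapwhoami in the message, plus one constructed DN.
    for dn in ("uid=blh,cn=hmi.de,cn=gssapi,cn=auth",
               "uid=manager,cn=dice.hmi.de,cn=gssapi,cn=auth"):
        print(dn, "->", map_authn_dn(dn, [PAGE_RULE]))
```

ACLs written against directory DNs apply only to identities that a rule actually maps; an unmapped identity keeps its cn=auth DN.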