couple of things..
the --with-kerberos and --enable-kpasswd are not necessary..
the {KERBEROS}principal is not needed.. for sasl you need to run the saslauthd daemon and saslauthd needs to know about slapd.. in /usr/local/lib/sasl2 you need a slapd.conf file that contains:

pwcheck_method: saslauthd
saslauthd_path: /usr/local/sbin/mux

there are some other pieces out there that can help you with heimdal+openldap. check the contrib section under sources on the openldap.org site.
good luck.
>>> Marcos Aguinaldo Forquesato <guina@ccuec.unicamp.br> 3/9/2005 9:04:09 AM >>>

Hello

I've been working on a Central Authentication Server with SASL/GSSAPI and OpenLDAP simple bind authentication using a Kerberos key server. The SASL/GSSAPI authentication is working. However, I've defined userPassword as {SASL}principal@REALM (and {KERBEROS}principal@REALM) for simple bind and the test doesn't work. By saslauthd debug, OpenLDAP doesn't call saslauthd/kerberos... :-/ I had changed userPassword to "teste123" and it worked perfectly.

I'm using FreeBSD 5.3 with OpenLDAP 2.2.23, Heimdal 0.6.3 (with openldap backend) and cyrus-sasl-saslauthd 2.1.20.

I've been working through the docs at
http://www.opentechnet.com/auth-howto/
http://www.bayour.com/LDAPv3-HOWTO.html
and
http://www.openldap.org/lists/openldap-software/200308/msg00158.html
http://www.openldap.org/lists/openldap-software/200502/msg00470.html

Do you have any clues?

Thanks in advance for any help!

Aguinaldo

---------------

# ldapwhoami -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:cn=ldapadmin@unicamp.br,ou=kerberos,dc=unicamp,dc=br

%ldapwhoami
SASL/GSSAPI authentication started
SASL username: chico@UNICAMP.BR
SASL SSF: 56
SASL installing layers
dn:cn=chico silva,ou=kerberos,dc=unicamp,dc=br

%ldapsearch -ZZ -H ldap:// -b "" -s base -LLL supportedSASLMechanisms
%SASL/GSSAPI authentication started
SASL username: chico@UNICAMP.BR
SASL SSF: 56
SASL installing layers
dn:
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

%/usr/local/sbin/testsaslauthd -u chico -p teste123 -r UNICAMP.BR -s %ldap -f /var/state/saslauthd/mux
0: OK "Success."
OpenLDAP - config:

/usr/ports/net/openldap23-sasl-server/work/openldap-2.2.23 # ./configure --with-threads=posix --with-tls=openssl --with-kerberos
# --enable-kpasswd --enable-dynamic --with-cyrus-sasl
# --localstatedir=/var/db --enable-ldbm=yes --enable-crypt
# --enable-lmpasswd --enable-ldap=yes --enable-meta=yes --enable-rewrite
# --enable-null=yes --enable-monitor=yes --enable-bdb=yes
# --enable-hdb=yes --with-ldbm-api=berkeley --enable-spasswd
# --enable-wrappers --prefix=/usr/local --build=i386-portbld-freebsd5.3

--
Marcos Aguinaldo Forquesato
email: guina at ccuec.unicamp.br
Centro de Computação
HP: http://www.ccuec.unicamp.br/
Universidade Estadual de Campinas (UNICAMP)
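As an added illustration (not code from either poster), a small Python preflight check for the setup the reply describes: it parses the Cyrus SASL slapd.conf that slapd reads from its sasl2 directory, reports a missing or wrong pwcheck_method / saslauthd_path, and classifies userPassword values so you can see which ones slapd hands to the SASL library and on to saslauthd. The sample config text is constructed from the reply; the result labels are this example's own naming.

```python
# Preflight check for simple-bind pass-through from slapd to saslauthd.
# Added example; the sample config below is constructed, not from the thread.

# Constructed copy of what the reply says /usr/local/lib/sasl2/slapd.conf must hold.
SAMPLE_SLAPD_SASL_CONF = """\
# Cyrus SASL options read by slapd (application name "slapd")
pwcheck_method: saslauthd
saslauthd_path: /usr/local/sbin/mux
"""

def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' lines; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def check_sasl_conf(text):
    """Return the problems that keep simple binds from reaching saslauthd."""
    opts = parse_sasl_conf(text)
    problems = []
    if opts.get("pwcheck_method") != "saslauthd":
        problems.append("pwcheck_method must be 'saslauthd' (found %r)"
                        % opts.get("pwcheck_method"))
    if not opts.get("saslauthd_path"):
        problems.append("saslauthd_path is not set; slapd cannot find the mux socket")
    return problems

def classify_userpassword(value):
    """Say how slapd treats a userPassword value on simple bind.
    {SASL}user@REALM is handed to the SASL library (slapd built with
    --enable-spasswd), which consults saslauthd; {KERBEROS} is not needed."""
    if not value.startswith("{") or "}" not in value:
        return "cleartext-compared-by-slapd"
    scheme = value[1:value.index("}")].upper()
    if scheme == "SASL":
        return "passthrough-to-saslauthd"
    if scheme == "KERBEROS":
        return "kerberos-scheme-not-needed"
    return "scheme:" + scheme

if __name__ == "__main__":
    print(check_sasl_conf(SAMPLE_SLAPD_SASL_CONF) or "sasl2/slapd.conf looks complete")
    for pw in ("{SASL}chico@UNICAMP.BR", "{KERBEROS}chico@UNICAMP.BR", "teste123"):
        print(pw, "->", classify_userpassword(pw))
```

Point check_sasl_conf at the real file contents on the slapd host; an empty problem list plus a running saslauthd is the state in which a {SASL} simple bind should show up in saslauthd's debug output.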