Re: Heimdal with OpenLDAP backend problems
It sounds like your OpenBSD system doesn't support identity passing over Unix
Domain sockets. We disabled this feature on a number of platforms due to some
vulnerabilities we discovered in the previous methods of credential passing.
But I thought all of the current *BSD distros supported secure mechanisms for
this feature.
Antoine MILLET wrote:
> Hai Zaar wrote:
>>>> my kadmin error :
>>>> kadmin -l
>>>> kadmin> init EPI.NET
>>>> kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not
>>> supported
>> You need to configure your OpenLDAP server to allow SASL-EXTERNAL auth
>> method and grant access to the auth-dn Heimdal uses to access LDAP.
>> Please check (or post here) relevant logs from OpenLDAP
>>
>>
> Do I need to use "tls" to do this?
>
> If you say yes, I need to put a certificate on my kdc to access the
> OpenLDAP db
>
> Actually, when I do init in kadmin, OpenLDAP with -d 512 says:
>
> do_abandon: bad msgid 0
>
> And with -d 1 it says:
>
> >>> slap_listener(ldapi:///)
> connection_get(11): got connid=0
> connection_read(11): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> ber_get_next
> ber_get_next: tag 0x30 len 24 contents:
> ber_get_next
> do_abandon
> ber_scanf fmt (i) ber:
> do_abandon: bad msgid 0
> do_bind
> ber_scanf fmt ({imt) ber:
> ber_scanf fmt ({m) ber:
> ber_scanf fmt (m) ber:
> ber_scanf fmt (}}) ber:
> >>> dnPrettyNormal: <>
> <<< dnPrettyNormal: <>, <>
> do_sasl_bind: dn () mech EXTERNAL
> send_ldap_result: conn=0 op=1 p=3
> send_ldap_response: msgid=1 tag=97 err=7
> ber_flush: 32 bytes to sd 11
> connection_get(11): got connid=0
> connection_read(11): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 5 contents:
> ber_get_next
> ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
> connection_closing: readying conn=0 sd=11 for close
> connection_close: deferring conn=0 sd=11
> do_unbind
> connection_resched: attempting closing conn=0 sd=11
> connection_close: conn=0 sd=11
>
> Thanks.
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
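
The identity passing mentioned in the reply, as an added example that is not part of the original thread and is not OpenLDAP's code: a server reads the kernel-verified uid/gid of the peer on a Unix domain socket and derives the identity for a SASL EXTERNAL bind. The function names are hypothetical, and the DN layout is assumed to be the `cn=peercred,cn=external,cn=auth` form OpenLDAP documents for `ldapi://`; when the lookup fails, the bind has no identity, which matches the `dn ()` and `err=7` lines in the quoted log.

```c
#define _GNU_SOURCE                 /* exposes struct ucred on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

/* Kernel-verified effective uid/gid of the process at the other end of a
 * connected AF_UNIX socket. Returns 0 on success, -1 if unavailable. */
int peer_identity(int fd, uid_t *uid, gid_t *gid)
{
#if defined(__linux__)
    struct ucred cred;
    socklen_t len = sizeof(cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 ||
        len != sizeof(cred))
        return -1;
    *uid = cred.uid;
    *gid = cred.gid;
    return 0;
#else
    return getpeereid(fd, uid, gid);    /* BSDs and macOS */
#endif
}

/* Hypothetical helper: format the EXTERNAL identity for a local client.
 * Returns -1 and leaves `out` empty when no peer identity is available. */
int external_authc_dn(int fd, char *out, size_t outlen)
{
    uid_t uid; gid_t gid;
    out[0] = '\0';
    if (peer_identity(fd, &uid, &gid) != 0)
        return -1;
    int n = snprintf(out, outlen,
        "gidNumber=%lu+uidNumber=%lu,cn=peercred,cn=external,cn=auth",
        (unsigned long)gid, (unsigned long)uid);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Connect to ourselves over a socketpair and confirm the derived identity
 * matches this process's own effective ids. Returns 1 on match. */
int self_check(void)
{
    int sv[2]; char got[128], want[128];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    int rc = external_authc_dn(sv[0], got, sizeof got);
    close(sv[0]); close(sv[1]);
    snprintf(want, sizeof want,
        "gidNumber=%lu+uidNumber=%lu,cn=peercred,cn=external,cn=auth",
        (unsigned long)getegid(), (unsigned long)geteuid());
    return rc == 0 && strcmp(got, want) == 0;
}
int main(void) { puts(self_check() ? "peer identity ok" : "no peer identity"); return 0; }
```
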