Interaction between OpenLDAP and Kerberos through SASL

Douglas E. Engert deengert at anl.gov
Wed Dec 5 10:33:55 EST 2007



Andrea wrote:
> Any suggestions about how to use Kerberos in OpenLDAP through SASL
> mechanisms or some other mechanism?

Is done by GSSAPI.

ldapsearch -Y GSSAPI  and maybe the -R realm -U user

On the server the bind dn looks like uid=user,cn=gssapi,cn=auth
you can map this using the sasl-regexp to some other dn,

Then on the server you can add to /etc/default/slapd
KRB5_KTNAME=/etc/ldap/krb5.keytab
export KRB5_KTNAME

The server runs under  the principal LDAP/hostname at realm


> 
> thx in advance,
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list