Interaction between OpenLDAP and Kerberos through SASL
Douglas E. Engert
deengert at anl.gov
Wed Dec 5 10:33:55 EST 2007
Andrea wrote:
> Any suggestions about how to use Kerberos in OpenLDAP through SASL
> mechanisms or some other mechanism?
It is done by GSSAPI.

ldapsearch -Y GSSAPI and maybe the -R realm -U user

On the server the bind dn looks like uid=user,cn=gssapi,cn=auth.
You can map this using the sasl-regexp to some other dn.

Then on the server you can add to /etc/default/slapd:

    KRB5_KTNAME=/etc/ldap/krb5.keytab
    export KRB5_KTNAME

The server runs under the principal LDAP/hostname at realm
>
> thx in advance,
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
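
Added example, not part of the original message: a Python model of the sasl-regexp mapping mentioned above, showing that a tightly anchored rule maps only uid=user,cn=gssapi,cn=auth while a broad rule also maps other bind DNs onto the same directory entry. The dc=example,dc=com suffix, the other.test realm, the realm-qualified DN form and the helper names are assumptions; this is not slapd's own matching code.

```python
import re

# Constructed slapd.conf-style rules, tried in order: sasl-regexp <match> <replace>
# dc=example,dc=com and other.test are placeholder names, not from the post.
TIGHT_RULES = [
    (r"^uid=([^,]+),cn=gssapi,cn=auth$", "uid=$1,ou=people,dc=example,dc=com"),
]
# Overly broad: ignores whatever sits between the uid and cn=auth (e.g. a realm).
LOOSE_RULES = [
    (r"^uid=([^,]+),.*cn=auth$", "uid=$1,ou=people,dc=example,dc=com"),
]


def map_bind_dn(bind_dn, rules):
    """Return the DN produced by the first matching rule, or None if none match."""
    for pattern, replacement in rules:
        m = re.search(pattern, bind_dn, re.IGNORECASE)
        if m:
            # Expand $1..$9 as they are written in the replacement string.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None


def audit(rules, bind_dns):
    """Map every bind DN through the rules so the results can be reviewed."""
    return {dn: map_bind_dn(dn, rules) for dn in bind_dns}


# Constructed sample bind DNs as the server would see them.
SAMPLES = [
    "uid=andrea,cn=gssapi,cn=auth",
    "uid=andrea,cn=other.test,cn=gssapi,cn=auth",  # assumed realm-qualified form
    "uid=andrea,cn=digest-md5,cn=auth",            # a different SASL mechanism
]

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT_RULES), ("loose", LOOSE_RULES)):
        for dn, mapped in audit(rules, SAMPLES).items():
            print(f"{name:5} {dn} -> {mapped}")
```

A bind DN that maps to None stays as its cn=auth identity, so it only has whatever access that DN is granted in the ACLs.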