modifying ldap configuration

Mark Pröhl mark at mproehl.net
Mon Feb 18 09:36:33 EST 2013


Am 15.02.2013 07:34, schrieb Asmaa Ahmed:
>
> Hello,
> I am trying to get ldap works with kerberos by enabling sasl kerberos authentication to access LDAProot at auth-dev:/home/aahmed/ldapConfig# cat /etc/ldap/sasl2/slapd.confpwcheck_method: saslauthdmech_list: GSSAPI
> Now I am trying to modify cn=configroot at auth-dev:/home/aahmed/ldapConfig# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcDbIndex.ldifSASL/EXTERNAL authentication startedldap_sasl_interactive_bind_s: Authentication method not supported (7)	additional info: SASL(-4): no mechanism available:
> Is there something missing here? or I am using the wrong options?
> Thanks. 		 	   		
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

"mech_list: GSSAPI" in /etc/ldap/sasl2/slapd.conf restricts the list of 
SASL mechanims supported by your openldap server to the GSSAPI 
mechanism. Your LDAP client tries to use the EXTERNAL mechanism: 
"ldapmodify -Y EXTERNAL ..."

You should include EXTERNAL to the mech_list in 
/etc/ldap/sasl2/slapd.conf (and restart slapd)

-- 
Mark Pröhl
mark at mproehl.net
www.kerberos-buch.de



More information about the Kerberos mailing list