modifying ldap configuration
Mark Pröhl
mark at mproehl.net
Mon Feb 18 09:36:33 EST 2013
Am 15.02.2013 07:34, schrieb Asmaa Ahmed:
>
> Hello,
> I am trying to get ldap works with kerberos by enabling sasl kerberos authentication to access LDAProot at auth-dev:/home/aahmed/ldapConfig# cat /etc/ldap/sasl2/slapd.confpwcheck_method: saslauthdmech_list: GSSAPI
> Now I am trying to modify cn=configroot at auth-dev:/home/aahmed/ldapConfig# ldapmodify -Y EXTERNAL -H ldapi:/// -f olcDbIndex.ldifSASL/EXTERNAL authentication startedldap_sasl_interactive_bind_s: Authentication method not supported (7) additional info: SASL(-4): no mechanism available:
> Is there something missing here? or I am using the wrong options?
> Thanks.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
"mech_list: GSSAPI" in /etc/ldap/sasl2/slapd.conf restricts the list of
SASL mechanims supported by your openldap server to the GSSAPI
mechanism. Your LDAP client tries to use the EXTERNAL mechanism:
"ldapmodify -Y EXTERNAL ..."
You should include EXTERNAL to the mech_list in
/etc/ldap/sasl2/slapd.conf (and restart slapd)
--
Mark Pröhl
mark at mproehl.net
www.kerberos-buch.de
More information about the Kerberos
mailing list