Pat Riehecky
Thu, 01 Mar 2007 10:28:11 -0800
I am on an Ubuntu 6.10 server (32 bit x86). I just downloaded the current source for OpenLDAP (2.3.33) and Heimdal (0.7.2) and compiled them both. When I try to create my realm I get the following output:

kadmin> init IWU.EDU
kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported
kadmin> list *
kadmin: opening database: ldap_sasl_bind_s: Authentication method not supported
kadmin: kadm5_get_principals: Wrong database version

My corresponding OpenLDAP logs say:

Mar 1 11:42:40 comet slapd[6192]: daemon: activity on 1 descriptor
Mar 1 11:42:40 comet slapd[6192]: daemon: activity on:
Mar 1 11:42:40 comet slapd[6192]:
Mar 1 11:42:40 comet slapd[6192]: >>> slap_listener(ldapi:///)
Mar 1 11:42:40 comet slapd[6192]: daemon: listen=9, new connection on 15
Mar 1 11:42:40 comet slapd[6192]: daemon: added 15r (active) listener=(nil)
Mar 1 11:42:40 comet slapd[6192]: conn=3 fd=15 ACCEPT from PATH=/usr/local/var/run/ldapi (PATH=/usr/local/var/run/ldapi)
Mar 1 11:42:40 comet slapd[6192]: daemon: epoll: listen=7 active_threads=1 tvp=zero
Mar 1 11:42:40 comet slapd[6192]: daemon: epoll: listen=8 active_threads=1 tvp=zero
Mar 1 11:42:40 comet slapd[6192]: daemon: epoll: listen=9 active_threads=1 tvp=zero
Mar 1 11:42:40 comet slapd[6192]: daemon: activity on 1 descriptor
Mar 1 11:42:40 comet slapd[6192]: daemon: activity on:
Mar 1 11:42:40 comet slapd[6192]: 15r
Mar 1 11:42:40 comet slapd[6192]:
Mar 1 11:42:40 comet slapd[6192]: daemon: read active on 15
Mar 1 11:42:40 comet slapd[6192]: connection_get(15)
Mar 1 11:42:40 comet slapd[6192]: connection_get(15): got connid=3
Mar 1 11:42:40 comet slapd[6192]: connection_read(15): checking for input on id=3
Mar 1 11:42:40 comet slapd[6192]: do_bind
Mar 1 11:42:40 comet slapd[6192]: >>> dnPrettyNormal: <>
Mar 1 11:42:40 comet slapd[6192]: <<< dnPrettyNormal: <>, <>
Mar 1 11:42:40 comet slapd[6192]: do_sasl_bind: dn () mech EXTERNAL
Mar 1 11:42:40 comet slapd[6192]: conn=3 op=0 BIND dn="" method=163
Mar 1 11:42:40 comet slapd[6192]: ==> sasl_bind: dn="" mech=EXTERNAL datalen=0
Mar 1 11:42:40 comet slapd[6192]: send_ldap_result: conn=3 op=0 p=3
Mar 1 11:42:40 comet slapd[6192]: send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: security flags do not match required"
Mar 1 11:42:40 comet slapd[6192]: send_ldap_response: msgid=1 tag=97 err=7
Mar 1 11:42:40 comet slapd[6192]: conn=3 op=0 RESULT tag=97 err=7 text=SASL(-4): no mechanism available: security flags do not match required
Mar 1 11:42:40 comet slapd[6192]: <== slap_sasl_bind: rc=7
Mar 1 11:42:40 comet slapd[6192]: daemon: epoll: listen=7 active_threads=1 tvp=zero
Mar 1 11:42:40 comet slapd[6192]: daemon: epoll: listen=8 active_threads=1 tvp=zero
Mar 1 11:42:40 comet slapd[6192]: daemon: epoll: listen=9 active_threads=1 tvp=zero
Mar 1 11:42:40 comet slapd[6192]: daemon: activity on 1 descriptor
Mar 1 11:42:40 comet slapd[6192]: daemon: activity on:
Mar 1 11:42:40 comet slapd[6192]: 15r
Mar 1 11:42:40 comet slapd[6192]:

Here are the bits I think may be relevant from my slapd.conf:

sasl-secprops minssf=0,noactive

I know there is much I may have missed, and more I have misunderstood, but where do I go from here to get this thing working?

I have read

http://www.oreilly.com/catalog/kerberos/index.html
http://www.pdc.kth.se/heimdal/heimdal.html#Using-LDAP-to-store-the-database
http://people.su.se/~lha/patches/heimdal/ldap-info-doc.txt
http://www.h5l.se/manual/HEAD/info/heimdal.html
and
http://www.openinput.com/auth-howto/

What else should I be reading to make the most of Kerberos?

Pat