Don't answer directly, answer to the list.

On Mon, 29 Aug 2016, Harry Kashouli wrote:
Gotcha, updated error below:

$ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
SASL/GSSAPI authentication started
SASL username:
SASL data security layer installed.
No such object (32)

I know the user exists, cause I see the admin (and my other users) in the
FreeIPA web UI, and kinit gives me a valid ticket
Did you replace $REALM above with the correct value? E.g.

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=outland,dc=zsazouli,dc=com 

As you can see in the SASL output, the GSSAPI negotiation happened
successfully, the "No such object (32)" answer is LDAP return code which
is most likely due to wrong base used. If no object would exist, you'd
get empty successful result instead.


On 29 August 2016 at 01:13, Alexander Bokovoy <> wrote:

On Mon, 29 Aug 2016, Harry Kashouli wrote:

This is the error I get:

ldapsearch -LLL GSSAPI -b cn=users,cn=accounts,$REALM uid=admin
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
       additional info: SASL(-4): no mechanism available:

You are using wrong syntax. To specify SASL mechanism, you need to use
-Y option:

ldapsearch -LLL -Y GSSAPI -b cn=users,cn=accounts,$REALM uid=admin

/ Alexander Bokovoy

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to