Am 15.02.2013 07:34, schrieb Asmaa Ahmed: > > Hello, > I am trying to get ldap works with kerberos by enabling sasl kerberos > authentication to access LDAProot@auth-dev:/home/aahmed/ldapConfig# cat > /etc/ldap/sasl2/slapd.confpwcheck_method: saslauthdmech_list: GSSAPI > Now I am trying to modify cn=configroot@auth-dev:/home/aahmed/ldapConfig# > ldapmodify -Y EXTERNAL -H ldapi:/// -f olcDbIndex.ldifSASL/EXTERNAL > authentication startedldap_sasl_interactive_bind_s: Authentication method not > supported (7) additional info: SASL(-4): no mechanism available: > Is there something missing here? or I am using the wrong options? > Thanks. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos >
"mech_list: GSSAPI" in /etc/ldap/sasl2/slapd.conf restricts the list of SASL mechanims supported by your openldap server to the GSSAPI mechanism. Your LDAP client tries to use the EXTERNAL mechanism: "ldapmodify -Y EXTERNAL ..." You should include EXTERNAL to the mech_list in /etc/ldap/sasl2/slapd.conf (and restart slapd) -- Mark Pröhl [email protected] www.kerberos-buch.de ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
