OpenLDAP relies on Cyrus SASL to manage this authentication. OpenLDAP doesn't deal with the tickets or other Kerberos details. Hence, this problem is not really specific to OpenLDAP. You should make sure Kerberos is working using various applications distributed with your Kerberos software, and then make sure Cyrus SASL's GSSAPI implementation is working using sample programs in Cyrus SASL. If you have gotten the above to work, then OpenLDAP should just work.
Kurt

At 12:54 AM 7/29/2005, Alex S Moore wrote:
>I have searched, read, google'd, et al. and am at a loss.
>
>All that I want to do at this time is use ldapsearch with gssapi. The
>output is attached.
>
>I created the keytab entry for the FQDN, but oddly, I had to use just
>ldap/host without the dns domain name. That really does not matter, but
>it is in the output.
>
>After running the first ldapsearch, I see the ticket for the ldap
>server, service principal ldap/[EMAIL PROTECTED] The kdc is happy
>and records the TGS_REQ as successful.
>
>But this line from ldapsearch debug output is most puzzling:
>ldap_sasl_interactive_bind_s: Internal (implementation specific) error
>(80) additional info: SASL(-1): generic failure: GSSAPI Error:
>Miscellaneous failure (File exists)
>
>
>Help,
>Alex
