* Grant Carmichael <[EMAIL PROTECTED]> [050920 19:54]: > Hi everyone, > > I've been working on setting up an enterprise directory > using Heimdal Kerberos and OpenLDAP. The one part I'm stuck > on is getting simple binds to successfully use SASL to > authenticate against Kerberos. Below I've add some of my
Simple Binds doesn't use SASL at all. You have to go an indirect route: 1.) set the UserPassword-Entry to [EMAIL PROTECTED] (you have done that allready) 2.) start the saslauthd-Daemon on the same computer your directory-server runs on. Use as startup-Flag "-a kerberos5" 3.) Configure slapd to use the saslauthd-Daemon -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or /usr/local/lib/sasl2 -> in this directory create a file slapd.conf with the following content: SNIP--> pwcheck_method: saslauthd mech_list: gssapi --<SNAP 4.) (Don't know, if its neccessary) Restart slapd -- Max-Born-Institut (MBI)/Max-Born-Straße 2A/12489 Berlin/Karsten Gorling Telefon: ++49 30 6392 1341 / Telefax: ++49 30 6392 1309 E-Mail: [EMAIL PROTECTED] or [EMAIL PROTECTED] Instantmessenger: Jabber: [EMAIL PROTECTED] or ICQ: 95492828 PGP-Fingerprint: 4BEF 23EA 02AE BACA 9918 31FF 285B 0426 0E1A B2FC ----------------- > encrypted E-Mail preferred <------------------------
