I just got it to work by changing userPassword to {SASL}235807 instead
of [EMAIL PROTECTED]Grant On 9/21/05, Grant Carmichael <[EMAIL PROTECTED]> wrote: > On 9/20/05, Karsten Gorling <[EMAIL PROTECTED]> wrote: > > * Grant Carmichael <[EMAIL PROTECTED]> [050920 19:54]: > > > Hi everyone, > > > > > > I've been working on setting up an enterprise directory > > > using Heimdal Kerberos and OpenLDAP. The one part I'm stuck > > > on is getting simple binds to successfully use SASL to > > > authenticate against Kerberos. Below I've add some of my > > > > Simple Binds doesn't use SASL at all. You have to go an indirect > > route: > > > > 1.) set the UserPassword-Entry to [EMAIL PROTECTED] (you have done that > > allready) > > 2.) start the saslauthd-Daemon on the same computer your > > directory-server runs on. Use as startup-Flag "-a kerberos5" > > 3.) Configure slapd to use the saslauthd-Daemon > > -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or > > /usr/local/lib/sasl2 > > -> in this directory create a file slapd.conf with the following > > content: > > SNIP--> > > pwcheck_method: saslauthd > > mech_list: gssapi > > --<SNAP > > 4.) (Don't know, if its neccessary) Restart slapd > > I've had 1, 2, done. I for step 3 I added mech_list: gssapi to my > /usr/local/lib/sasl2/slapd.conf and I still get the following error > after restarting kdc, slapd, and saslauthd -a kerberos5: > > /usr/local/bin/ldapsearch -x -D > "uid=235807,ou=people,dc=shorter,dc=edu" -w somepass -b > "ou=people,dc=shorter,dc=edu" uid > ldap_bind: Invalid credentials (49) > > Any other ideas? >
