On 9/20/05, Karsten Gorling <[EMAIL PROTECTED]> wrote: > * Grant Carmichael <[EMAIL PROTECTED]> [050920 19:54]: > > Hi everyone, > > > > I've been working on setting up an enterprise directory > > using Heimdal Kerberos and OpenLDAP. The one part I'm stuck > > on is getting simple binds to successfully use SASL to > > authenticate against Kerberos. Below I've add some of my > > Simple Binds doesn't use SASL at all. You have to go an indirect > route: > > 1.) set the UserPassword-Entry to [EMAIL PROTECTED] (you have done that > allready) > 2.) start the saslauthd-Daemon on the same computer your > directory-server runs on. Use as startup-Flag "-a kerberos5" > 3.) Configure slapd to use the saslauthd-Daemon > -> search for the sasl2-Library Path usually in /usr/lib/sasl2 or > /usr/local/lib/sasl2 > -> in this directory create a file slapd.conf with the following > content: > SNIP--> > pwcheck_method: saslauthd > mech_list: gssapi > --<SNAP > 4.) (Don't know, if its neccessary) Restart slapd
I've had 1, 2, done. I for step 3 I added mech_list: gssapi to my /usr/local/lib/sasl2/slapd.conf and I still get the following error after restarting kdc, slapd, and saslauthd -a kerberos5: /usr/local/bin/ldapsearch -x -D "uid=235807,ou=people,dc=shorter,dc=edu" -w somepass -b "ou=people,dc=shorter,dc=edu" uid ldap_bind: Invalid credentials (49) Any other ideas?
