At 02:51 AM 8/9/2006, chechu chechu wrote:
>yeah, i know the -x is for simple auth, but my pdc is working now with
>openldap+ssl+samba, and i want to add kerberos+openafs, and i have to get
>the sasl auth, and the error that i get with
>
> ldapsearch -D "cn=admin,dc=ironman,dc=es" -w secret -d 16383

Why do you specify a Bind DN when intending to use SASL authentication? Per the specification, the server ignores any Bind DN.

As noted repeatedly on this list, before you attempt SASL authentication with OpenLDAP Software, you should first make sure SASL authentication using Cyrus SASL sample/test programs works. And if your intent is to use Kerberos authentication, before you even try the SASL GSSAPI mechanism in Cyrus SASL sample/test programs, you likely should make sure your Kerberos environment is healthy.

-- Kurt

>is:
>
>
>ldap_msgfree
>ldap_sasl_interactive_bind_s: server supports: GSSAPI NTLM LOGIN PLAIN
>DIGEST-MD5 CRAM-MD5
>ldap_int_sasl_bind: GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
>ldap_int_sasl_open: host=shogun.ironman.es
>SASL/GSSAPI authentication started
>ldap_perror
>ldap_sasl_interactive_bind_s: Local error (-2)
> additional info: SASL(-1): generic failure: GSSAPI Error:
>Miscellaneous failure (No credentials cache found)
>
>
>thanks
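
The layered check order in the reply (Kerberos, then Cyrus SASL, then OpenLDAP) can be applied to the client's debug output to find the layer to fix first. The following is an added example, not part of the original message or of OpenLDAP; the function names and the result strings are assumptions, and the sample input is constructed from the quoted output.

```shell
#!/bin/sh
# Added example. Sample input is constructed from the output quoted above,
# with the mail client's line wrapping and ">" markers removed.
SAMPLE_OUTPUT='ldap_sasl_interactive_bind_s: server supports: GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
ldap_int_sasl_bind: GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
ldap_int_sasl_open: host=shogun.ironman.es
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
 additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)'

# offered_mechs OUTPUT: print the SASL mechanisms the server advertised,
# or nothing if the client never queried them (e.g. -Y was given).
offered_mechs() {
    printf '%s\n' "$1" | sed -n 's/^.*server supports: *//p' | head -n 1
}

# triage_sasl_bind OUTPUT: print "<layer>: <finding>", where layer follows
# the order in the reply: kerberos first, then cyrus-sasl, then openldap.
triage_sasl_bind() {
    mechs=$(offered_mechs "$1")
    # Only judge the mechanism list when the server actually sent one.
    if [ -n "$mechs" ]; then
        case " $mechs " in
            *" GSSAPI "*) ;;
            *) echo "openldap: server does not offer GSSAPI"; return 0 ;;
        esac
    fi
    case $1 in
        *"No credentials cache found"*)
            echo "kerberos: no ticket cache (run kinit, confirm with klist)" ;;
        *"Ticket expired"*)
            echo "kerberos: ticket expired (run kinit again)" ;;
        *"Server not found in Kerberos database"*)
            echo "kerberos: no ldap/<host> service principal in the KDC" ;;
        *"GSSAPI Error"*)
            echo "kerberos: other GSSAPI failure" ;;
        *"SASL("*)
            echo "cyrus-sasl: library error outside GSSAPI" ;;
        *)
            echo "none: no SASL or Kerberos error found" ;;
    esac
}

# Stand-alone run: classify the sample.
triage_sasl_bind "$SAMPLE_OUTPUT"
```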
