At 09:21 AM 8/18/2006, chechu chechu wrote: >i have gssapi correctly installed...
It is unclear to me what you mean by this statement. I hope you mean that you have successfully tested, using Cyrus SASL client/server test programs, authentication using any and all of the authentication mechanisms you intend to make use of. Regardless of what you meant, if you haven't yet done this, you should go do that before coming here. >but i get thius error with >ldapsearch : > >[EMAIL PROTECTED]:~# ldapsearch -D "cn=admin,dc=ironman,dc=es" -w secret It's not clear to me why you specify a bind dn here, however, I do note that slapd(8), in accordance with the LDAP technical specification, ignores it of SASL authentication. It's not clear to me why you specify a password when attempting SASL/GSSAPI authentication. Just as when using Cyrus test programs, you should have acquired any necessary Kerberos tickets before executing the program. Lastly, you didn't specify which SASL mechanism to use, so... >SASL/LOGIN authentication started you got what ldapsearch(1) determined was the best available mechanism. >ldap_sasl_interactive_bind_s: Invalid credentials (49) > additional info: SASL(-13): user not found: checkpass failed Apparently the SASL/LOGIN user you are trying to authenticating as is not known to SASL (for authenticating via SASL/LOGIN). >if i do with -x, it works, but I need sasl. >any help is welcomed >thannks
