Is this possible? The only way to connect to my OpenLDAP server is through 
Kerberos, I disabled all other authentications. I created a principal for 
nss_ldap and I exported its key to the keytab file on the server. How can I 
force nss_ldap to use it to connect to my LDAP server?

Here are the contents of my /etc/libnss_ldap.conf:
base dc=mydomain,dc=com
uri ldaps://machine1
ldap_version 3
nss_base_passwd ou=People,dc=mydomain,dc=com
nss_base_shadow ou=People,dc=mydomain,dc=com
nss_base_group ou=Group,dc=mydomain,dc=com
ssl start_tls
ssl on
use_sasl on
sasl_auth_id
sasl_auth_id nssldap/machine1

Note that my Kerberos is working correctly and I can successfully ldapsearch -Y 
GSSAPI over a self-signed certificate.

Thank you

Amir