On Wednesday, 18 January 2012 11:06:45 Toomas Vendelin wrote: > Thank you, Dan! > > Indeed, setting > olcSaslHost: ldap.example.com > > instead of > olcSaslHost: kdc.example.com > > solves the issue. > > Now, when I look back for what caused me this hiccup, this has come to > my attention: > - in slapd-config(5): > olcSaslHost: <fqdn> > Used to specify the fully qualified domain name used for SASL > processing. > > ... the description looks somewhat ambiguous to me.
SASL an be a bit ambiguous, and I don't see that the documentation should necessarily cover specific SASL mechs, that is the responsibility of the SASL layer. > It would be less > confusion, if it were "Host running a LDAP server" or similar. But, that is the default (IOW, when you do not specify olcSaslHost it will use the hostname of the server slapd is running on). > Or > perhaps just warning of a possible pitfall - my five cents :). > > And, of course, the Ubuntu tutorial page, that was plain whong, saying: > "#The FQDN of the Kerberos KDC. > olcSaslHost: kerberos.example.com" > > at https://help.ubuntu.com/community/OpenLDAPServer#Kerberos_Authentication So one wonders why we are discussing it on this list .... Regards, Buchan
