I did, but still haven't get a response.I just want to confirm something here from the debug logs of apache and ldap/kerb servers that it is davical fault nothing more!As now I am trying to do the authentication using apache
>From apache while trying to login, got that: [Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(994): [client 203.28.249.33] Using HTTP/calendar.domain.com@ as server principal for password verification[Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(698): [client 203.28.249.33] Trying to get TGT for user [email protected][Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(609): [client 203.28.249.33] Trying to verify authenticity of KDC using principal HTTP/calendar.domain.com@[Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(1073): [client 203.28.249.33] kerb_authenticate_user_krb5pwd ret=0 [email protected] authtype=Basic[Tue Feb 05 02:58:29 2013] [debug] src/mod_auth_kerb.c(1534): [client 203.28.249.33] kerb_authenticate_a_name_to_local_name [email protected] -> aahmed[Tue Feb 05 02:58:29 2013] [error] [client 203.28.249.33] davical: ***: ERROR:drivers_ldap : Unable to find the user with filter (&(objectClass=*)(uid=aahmed)) And can see the request also goes in my ldap/kerb server. I don't understand why having multiple entries here, but I can see clearly that some of them are successful and return an entry! Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4111 SRCH base="cn=DOMAIN.COM,ou=krb5,dc=domain,dc=com" scope=2 deref=0 filter="(&(|(objectClass=krbPrincipalAux)(objectClass=krbPrincipal))([email protected]))"Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4111 SRCH attr=krbprincipalname krbcanonicalname objectclass krbprincipalkey krbmaxrenewableage krbmaxticketlife krbticketflags krbprincipalexpiration krbticketpolicyreference krbUpEnabled krbpwdpolicyreference krbpasswordexpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth krbLastPwdChange krbExtraData krbObjectReferences krbAllowedToDelegateToFeb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4111 SEARCH RESULT tag=101 err=0 nentries=1 text=Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4113 SRCH base="cn=DOMAIN.COM,ou=krb5,dc=domain,dc=com" scope=2 deref=0 filter="(&(|(objectClass=krbPrincipalAux)(objectClass=krbPrincipal))(krbPrincipalName=aahmed/[email protected]))"Feb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4113 SRCH attr=krbprincipalname krbcanonicalname objectclass krbprincipalkey krbmaxrenewableage krbmaxticketlife krbticketflags krbprincipalexpiration krbticketpolicyreference krbUpEnabled krbpwdpolicyreference krbpasswordexpiration krbLastFailedAuth krbLoginFailedCount krbLastSuccessfulAuth krbLastPwdChange krbExtraData krbObjectReferences krbAllowedToDelegateToFeb 5 02:56:32 ldap slapd[1059]: conn=1459 op=4113 SEARCH RESULT tag=101 err=0 nentries=0 text=--Feb 5 02:56:32 ldap slapd[1059]: conn=1507 fd=43 ACCEPT from IP=203.28.247.193:38068 (IP=0.0.0.0:389)Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=0 BIND dn="" method=128Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=0 RESULT tag=97 err=0 text=Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=1 SRCH base="ou=People,dc=domain,dc=com" scope=2 deref=0 filter="(&(objectClass=*)(uid=aahmed))"Feb 5 02:56:32 ldap slapd[1059]: conn=1507 op=1 SRCH attr=uid cn mail modifyTimestampFeb 5 02:56:32 ldap slapd[1059]: conn=1507 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= > Date: Sun, 3 Feb 2013 17:11:09 -0600 > From: [email protected] > To: [email protected] > Subject: Re: client server connection to LDAP/Kerberos > CC: [email protected] > > That would suggest you have a problem is with your Davical configuration. Try > consulting their mailing list/support contact. > > On 02/02/13 12:05 +1100, Asmaa Ahmed wrote: > > > >No, don't have any problem while running these commands from there!I can > >retrieve my data successfully. > > > >Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND dn="" method=163Feb 2 > >11:59:49 ldap slapd[1059]: conn=1374 op=2 BIND authcid="[email protected]" > >authzid="[email protected]"Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 > >BIND dn="uid=aahmed,ou=people,dc=domain,dc=com" mech=GSSAPI sasl_ssf=56 > >ssf=56Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=2 RESULT tag=97 err=0 > >text=Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=3 SRCH > >base="dc=domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"Feb 2 > >11:59:49 ldap slapd[1059]: conn=1374 op=3 SEARCH RESULT tag=101 err=0 > >nentries=11 text=Feb 2 11:59:49 ldap slapd[1059]: conn=1374 op=4 UNBIND > >Thanks. > >> Date: Fri, 1 Feb 2013 13:53:29 -0600 > >> From: [email protected] > >> To: [email protected] > >> CC: [email protected] > >> Subject: Re: client server connection to LDAP/Kerberos > >> > >> On 02/01/13 10:08 +1100, Asmaa Ahmed wrote: > >> >Hello, > >> > > >> >I recently added Kerberos authentication to my LDAP server, and I am > >> >trying > >> >to connect the other servers to it. > >> >I have a server running Davical shared calendar, and I hope to get it > >> >working with my LDAP server again after Kerberos integration. > >> > > > >> Can you reproduce this problem with ldapsearch and/or ldapwhoami (-Y > >> GSSAPI) on the server which is running davical? > > -- > Dan White >
