OK, I've tried that and my AD server supports all the mechanisms you listed above. The problem is that I'm compiling a client application and I'd like to use the GSSAPI mechanism, but when I compile OpenLDAP I'm not sure if it is also compiling the GSSAPI stuff. Also, when I try to connect my client to my AD server it says that no mechanisms are available.

Thanks

On Mon, Feb 18, 2013 at 3:33 PM, Dan White <[email protected]> wrote:
>> On Thu, Feb 14, 2013 at 8:44 PM, Dan White <[email protected]> wrote:
>>>
>>> On 02/14/13 12:19 +0100, Michele wrote:
>>>>
>>>> I'm trying to build OpenLDAP enabling the GSSAPI module, but I can't
>>>> find any reference on that in the configure file. I'm doing that
>>>> because I'm writing a client program that want to login to a Windows AD
>>>> via kerberos. Any help is appreciated.
>>>
>>>
>>> You'll need to install the cyrus sasl gssapi plugin. Use 'pluginviewer'
>>> to view your current list of installed plugins.
>
>
> On 02/18/13 13:13 +0100, Michele wrote:
>>
>> this is my pluginviewer and cyrus rpms installed on my machine.
>> I think I already get it.
>>
>> # pluginviewer
>> Installed SASL (server side) mechanisms are:
>> LOGIN GSSAPI PLAIN ANONYMOUS EXTERNAL
>> List of server plugins follows
>> Plugin "login" [loaded], API version: 4
>> SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
>> security flags: NO_ANONYMOUS
>> features:
>> Plugin "gssapiv2" [loaded], API version: 4
>> SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
>> security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_ACTIVE|PASS_CREDENTIALS|MUTUAL_AUTH
>> features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
>
>
>
>> [root@temdev10 ~]# rpm -ql | grep cyrus
>> rpmq: no arguments given for query
>> [root@temdev10 ~]# rpm -qa | grep cyrus
>> cyrus-sasl-plain-2.1.22-5.el5_4.3
>> cyrus-sasl-gssapi-2.1.22-5.el5_4.3
>> cyrus-sasl-devel-2.1.22-5.el5_4.3
>> cyrus-sasl-2.1.22-5.el5_4.3
>> cyrus-sasl-lib-2.1.22-5.el5_4.3
>
>
> You have the necessary sasl components installed to support gssapi
> authentication. To verify that your AD server supports gssapi:
>
> ldapsearch -LLL -x -H ldap://ad.example.org -s "base" -b "" supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: GSS-SPNEGO
> supportedSASLMechanisms: EXTERNAL
> supportedSASLMechanisms: DIGEST-MD5
>
> See the FAQ entry "How do I configure OpenLDAP+SASL+GSSAPI" here (the
> client side details should still apply):
>
> http://www.cyrussasl.org/mediawiki/index.php/FAQ
>
> --
> Dan White
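
The two checks discussed in this thread (what the server advertises in its rootDSE, and which SASL plugins the local Cyrus library lists) can be combined to see which mechanisms both sides share. This is an added example, not part of the original messages; the function names are hypothetical and the sample inputs are constructed in the output formats quoted above.

```shell
#!/bin/sh
# Added example. Sample inputs below are constructed, following the
# ldapsearch and pluginviewer output formats quoted in the thread.

sample_rootdse() { cat <<'EOF'
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
EOF
}

sample_plugins() { cat <<'EOF'
Plugin "login" [loaded], API version: 4
  SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
Plugin "gssapiv2" [loaded], API version: 4
  SASL mechanism: GSSAPI, best SSF: 56, supports setpass: no
EOF
}

# Mechanisms the directory server advertises (rootDSE LDIF on stdin).
# LDIF attribute names are case-insensitive, so compare in lower case.
server_mechs() {
  awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print toupper($2) }' | sort -u
}

# Mechanisms for which the local Cyrus SASL library lists a plugin
# (pluginviewer output on stdin; "pluginviewer -c" lists the client side).
local_mechs() {
  sed -n 's/^[[:space:]]*SASL mechanism: \([^,]*\),.*/\1/p' | sort -u
}

# Print mechanisms present on both sides, one per line.
# $1: rootDSE LDIF text   $2: pluginviewer text
common_mechs() {
  srv=$(printf '%s\n' "$1" | server_mechs)
  printf '%s\n' "$2" | local_mechs | while read -r m; do
    if printf '%s\n' "$srv" | grep -Fxq -- "$m"; then
      printf '%s\n' "$m"
    fi
  done
}

# Demo on the constructed samples; on a real host, pass the live
# ldapsearch and pluginviewer output instead.
common_mechs "$(sample_rootdse)" "$(sample_plugins)"
```

An empty result means the SASL library has no plugin for anything the server offers. A non-empty result alongside a "no mechanisms available" error points at the client build or its runtime plugin path rather than at the server.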
