Am Tue, 30 Jun 2015 12:48:22 +0200 schrieb Andreas Laesser <[email protected]>:
> Hi @all > > I have a (maybe) a problem with my openldap server authenticating > over a JAVA tool (Apache Directory Studio LDAP Browser > V2.0.0.v20130628, jXplorer) via GSSAPI. > > When I do a ldapsearch from command line via GSSAPI it works fine... > > > ~ % klist > Ticket cache: FILE:/tmp/krb5cc_1086_lR4Nxxxxrs > Default principal: [email protected] > > Valid starting Expires Service principal > 30/06/2015 10:54 02/07/2015 10:54 > krbtgt/[email protected] renew until 10/07/2015 10:54 > 30/06/2015 10:54 02/07/2015 10:54 > ldap/[email protected] renew until 10/07/2015 10:54 > > > ~ % ldapsearch -H ldaps://ldap1.spsc.tugraz.at -b > "dc=SPSC,dc=TUGRAZ,dc=AT" > > This works well.... > > but if I try the same from one of the two tools mentioned above it > simply not bind or connects.... > > Does anybody had the same problems, or knows a solution? If Kerberos is properly set up, you should use SASL GSSAPI, that is ldapsearch -Y GSSAPI -H ldaps://some.host -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
pgpTqP_TP5ylf.pgp
Description: Digitale Signatur von OpenPGP
