Dieter Klünter <[email protected]> writes:

> On Fri, 20 Dec 2019 20:54:13 +0100
> Stefan Kania <[email protected]> wrote:
>
>> Hello,
>>
>> I try to do the authentication in LDAP via Kerberos. The
>> Kerberos-Database is in LDAP, no problem, I can login to the system
>> as a normal user but when I do a "ldapwhoami" I get the following
>> output:
>> -----------------
>> u1-verw@ldapserver:~$ ldapwhoami
>> SASL/GSSAPI authentication started
>> SASL username: [email protected]
>> SASL SSF: 256
>> SASL data security layer installed.
>> dn:uid=u1-verw,cn=gssapi,cn=auth
>> -----------------
>> I would like to get the original DN from the user not the
>> dn:*,cn=gssapi,cn=auth. So I put into my configuration:
> [...]
>
> I face the same problem with OpenIndiana. To my experience it's only
> GSSAPI, DIGEST-MD5 and CRAM-MD5 work as expected. But I must admit, it
> is only on Solaris not on Linux.

A few examples from my side:

KDC: raspberrypi, OS Raspbian
host: pink, OS OpenSUSE Tumbleweed
host: indiana, OS OpenIndiana

On Indiana:

/usr/lib/openldap/bin/amd64/ldapwhoami -Ygssapi -H ldap://pink.example.com
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 56
SASL data security layer installed.
dn:cn=dieter kluenter,ou=partner,o=avci,c=de

/usr/lib/openldap/bin/amd64/ldapwhoami -Y gssapi -H ldap://indiana.example.com
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 56
SASL data security layer installed.
dn:uid=dieter@example,cn=gssapi,cn=auth

On Tumbleweed:

/usr/bin/ldapwhoami -Y gssapi -H ldap://indiana.example.com
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 256
SASL data security layer installed.
dn:[email protected],cn=gssapi,cn=auth

LDAP-Server is OpenLDAP-2.4.48 on all hosts and OSes.

-Dieter

-- 
Dieter Klünter | Directory Service
http://sys4.de
53°37'09,95"N 10°08'02,42"E
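
Added example, not part of the thread and not the configuration elided above: a simplified offline model of how slapd's authz-regexp rules (match pattern plus replacement with $1) rewrite SASL authentication DNs like the ones ldapwhoami printed. The rules, the base DN ou=people,dc=example,dc=com and the sample DNs are constructed; the third sample uses the documented uid=<user>,cn=<realm>,cn=<mech>,cn=auth form, which does not appear in the outputs above.

```python
import re

# Constructed rules in the shape of slapd's "authz-regexp <match> <replace>".
# The base DN ou=people,dc=example,dc=com is a hypothetical placeholder.
NAIVE = [(r"uid=([^,]*),cn=gssapi,cn=auth",
          "uid=$1,ou=people,dc=example,dc=com")]
REALM_AWARE = [
    # Realm carried as its own RDN: uid=<user>,cn=<realm>,cn=gssapi,cn=auth
    (r"uid=([^,@]+),cn=[^,]+,cn=gssapi,cn=auth",
     "uid=$1,ou=people,dc=example,dc=com"),
    # Realm (if any) carried inside the uid value: uid=<user>@<realm>,...
    (r"uid=([^,@]+)(@[^,]*)?,cn=gssapi,cn=auth",
     "uid=$1,ou=people,dc=example,dc=com"),
]


def map_authc_dn(authc_dn, rules):
    """Simplified model: the first matching rule rewrites the whole DN.

    Returns the input unchanged when no rule matches, which is the case
    where ldapwhoami keeps printing the cn=gssapi,cn=auth form.
    """
    for pattern, replacement in rules:
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d)",
                          lambda ref: m.group(int(ref.group(1))) or "",
                          replacement)
    return authc_dn


# Constructed authentication DNs: bare uid, realm inside uid, realm as RDN.
SAMPLES = [
    "uid=u1-verw,cn=gssapi,cn=auth",
    "uid=dieter@example,cn=gssapi,cn=auth",
    "uid=u1-verw,cn=example.net,cn=gssapi,cn=auth",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        print("  naive       ->", map_authc_dn(dn, NAIVE))
        print("  realm-aware ->", map_authc_dn(dn, REALM_AWARE))
```

With the naive rule the realm-qualified uid is copied into the target DN as-is and the realm-RDN form is not matched at all, so comparing the rule set against the exact DN that ldapwhoami prints is a quick first check.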
