Total newbie here so please be gentle. I'm trying to set up a simple ldap
server that uses SASL and Kerberos for authentication. I built OpenLDAP
--with-cyrus-sasl and --enable-spasswd. I have the service principal and
testsaslauthd works. I used slapadd to build the initial config (from
slapd.ldif) and ldapadd to define a rootdn and basedn (basically ou=people and
ou=groups). Added a user (me) and a group.
I have a slapd.conf file at /usr/lib/sasl2 that defines keytab: krb5.keytab,
mech_list: GSSAPI, pwcheck_method: saslauthd, saslauthd_path:
/run/saslauthd/mux.
Running pluginviewer, I see GSSAPI. Running ldapsearch ...
supportedSASLMechanisms, it returns nothing. I've found websites that talk
about adding

    sasl-realm <Kerberos-Realm>
    sasl-host <ldap-host>
    sasl-secprops none

to slapd.conf. But this isn't the same slapd.conf I mentioned above, correct?
And since I used slapd.ldif to do the initial load, I don't have another
slapd.conf.
How do I define these variables? Also, it looks like I need a direct mapping,
i.e.

    authz-regexp
        uid=([^,]*),cn=example.com,cn=gssapi,cn=auth
        uid=$1,ou=people,dc=example,dc=com

Where and how does that get defined? Any and all help would be greatly
appreciated!
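
Added example, not part of the original post: when slapd is loaded from slapd.ldif, the slapd.conf directives quoted above are stored as attributes on the cn=config entry, and the sketch below sets them with one ldapmodify change record. The realm EXAMPLE.COM, the host ldap.example.com and the file name sasl-config.ldif are placeholders, and the ldapmodify invocation in the comment assumes slapd listens on ldapi:/// and grants the local root user write access to cn=config.

```ldif
# sasl-config.ldif (placeholder file name)
# Apply on the LDAP server as root, assuming ldapi:/// is enabled:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f sasl-config.ldif
#
# Directive-to-attribute mapping used here:
#   sasl-realm     -> olcSaslRealm
#   sasl-host      -> olcSaslHost
#   sasl-secprops  -> olcSaslSecProps
#   authz-regexp   -> olcAuthzRegexp
#
# EXAMPLE.COM and ldap.example.com are placeholder values.
# "none" is the value quoted in the post; it clears slapd's default
# security properties (noanonymous,noplain).
# The olcAuthzRegexp value is "<match pattern> <replacement>" on one line.
dn: cn=config
changetype: modify
replace: olcSaslRealm
olcSaslRealm: EXAMPLE.COM
-
replace: olcSaslHost
olcSaslHost: ldap.example.com
-
replace: olcSaslSecProps
olcSaslSecProps: none
-
add: olcAuthzRegexp
olcAuthzRegexp: uid=([^,]*),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
```

The slapd.conf under /usr/lib/sasl2 is the Cyrus SASL library's configuration for the application named "slapd" and stays separate from these cn=config attributes.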