--On Saturday, December 18, 2010 12:05:39 PM +0100 Stefan Seelmann
<[email protected]> wrote:
Hi Bill,
On Sat, Dec 18, 2010 at 12:28 AM, Bill MacAllister <[email protected]> wrote:
Looks like Directory Studio is not finding my ticket cache. I would
expect it to follow the KRB5CCNAME environment variable. Is there
some other way to point Directory Studio at my ticket cache?
Studio uses JNDI which uses JAAS underneath which doesn't look to the
KRB5CCNAME environment variable by default, see [1] for details.
There are several workarounds, the easiest should be to append the
following argument when starting Studio:
-Duser.krb5ccname=$KRB5CCANME
You can also create an ".ApacheDirectoryStudio.ini" file in the Studio
installation directory (assumed you are using Linux) and put the
argument into it, but then you can't use the $KRB5CCANME variable.
Hope that helps,
Stefan
[1] http://bugs.sun.com/view_bug.do?bug_id=6832353
That worked great. Well, at least I am able to bind to the directory
now.
But, it seems that the searches are not using GSSAPI to secure the
traffice to the server because when I look at the ldap logs I see that
the ssf is zero. In our case this means that no data can be returned.
(And, yes, I am a bit fuzzy on the exact details since ldapsearch just
does the right thing for me without my having to think about it.) Any
ideas on how to deal with this?
Thanks again for you help,
Bill
--
Bill MacAllister
Infrastructure Delivery Group, Stanford University
