directory-dev mailing list archives

From "Alex Duzsardi (JIRA)" <>
Subject [jira] [Created] (DIRSERVER-2205) ldap tools don't work with gssapi sasl
Date Mon, 31 Jul 2017 17:58:00 GMT
Alex Duzsardi created DIRSERVER-2205:

             Summary: ldap tools don't work with gssapi sasl 
                 Key: DIRSERVER-2205
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 2.0.0-M24
         Environment: Linux Centos 7 x64
ApacheDS 2.0.0-M4
            Reporter: Alex Duzsardi

I successfully installed ApacheDS, was able to start, configure the service and set up Kerberos.
It works without problem from ApacheDS Studio, I can log in with GSSAPI, but can't say the
same for the local LDAP tools (openldap-clients).
I can't get a TGT from Kerberos with kinit, I've exported the ldap service principal
using ktutil and saved it as /etc/krb5.keytab, configured krb5.conf, configured ldap.conf.
Hostnames are configured statically through /etc/hosts, actually only one host, as the server
is also the client (LAN_IP, ldap/ got exported with ktutil)

[root@example ~]# cat /etc/krb5.conf
    default_realm = EXAMPLE.COM
#    rdns = false

        kdc =
        default_domain = EXAMPLE.COM

[domain_realm] = EXAMPLE.COM = EXAMPLE.COM


[root@example ~]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
[root@example ~]#

[root@example ~]# kinit hnelson
Password for hnelson@EXAMPLE.COM:
[root@example ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hnelson@EXAMPLE.COM

Valid starting       Expires              Service principal
07/31/2017 20:54:48  08/01/2017 20:54:38  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@example ~]#

[root@example ~]# ldapsearch -Y GSSAPI -H ldap:// -b "dc=example,dc=com"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.
 Minor code may provide more information (Message stream modified)

