directory-users mailing list archives

From Bill MacAllister <...@stanford.edu>
Subject Re: GSSAPI Binds to Directory Studio
Date Sun, 19 Dec 2010 07:18:03 GMT


--On Saturday, December 18, 2010 12:05:39 PM +0100 Stefan Seelmann <seelmann@apache.org>
wrote:

> Hi Bill,
>
> On Sat, Dec 18, 2010 at 12:28 AM, Bill MacAllister <whm@stanford.edu> wrote:
>> Looks like Directory Studio is not finding my ticket cache.  I would
>> expect it to follow the KRB5CCNAME environment variable.  Is there
>> some other way to point Directory Studio at my ticket cache?
>
> Studio uses JNDI which uses JAAS underneath which doesn't look to the
> KRB5CCNAME environment variable by default, see [1] for details.
>
> There are several workarounds, the easiest should be to append the
> following argument when starting Studio:
>
>     -Duser.krb5ccname=$KRB5CCNAME
>
> You can also create an ".ApacheDirectoryStudio.ini" file in the Studio
> installation directory (assuming you are using Linux) and put the
> argument into it, but then you can't use the $KRB5CCNAME variable.
>
> Hope that helps,
> Stefan
>
>
> [1] http://bugs.sun.com/view_bug.do?bug_id=6832353

That worked great.  Well, at least I am able to bind to the directory
now.

But, it seems that the searches are not using GSSAPI to secure the
traffic to the server because when I look at the ldap logs I see that
the ssf is zero.  In our case this means that no data can be returned.
(And, yes, I am a bit fuzzy on the exact details since ldapsearch just
does the right thing for me without my having to think about it.)  Any
ideas on how to deal with this?

Thanks again for your help,

Bill

-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University
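
Added example, not part of the original message and not Directory Studio code: a shell helper that turns KRB5CCNAME into the -Duser.krb5ccname argument quoted above, checking first that the value names a readable, user-owned file cache. The function name krb5cc_jvm_arg is hypothetical, and stripping a "FILE:" prefix assumes the property expects a plain file path.

```bash
#!/usr/bin/env bash
# Added example: derive the JVM argument from the Kerberos ticket cache name.
# Assumption: -Duser.krb5ccname takes a plain file path, so "FILE:" is stripped.

krb5cc_jvm_arg() {
    local ccname="${1-}" path

    if [ -z "$ccname" ]; then
        echo "KRB5CCNAME is not set; obtain a ticket first" >&2
        return 1
    fi

    case "$ccname" in
        FILE:*) path="${ccname#FILE:}" ;;   # typed form, e.g. FILE:/tmp/krb5cc_1000
        /*)     path="$ccname" ;;           # bare absolute path is a file cache
        *)      # KEYRING:, KCM:, DIR: and similar cannot be handed over as a file
                echo "cannot pass cache type '${ccname%%:*}' as a file path" >&2
                return 2 ;;
    esac

    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "ticket cache missing or unreadable: $path" >&2
        return 3
    fi

    if [ ! -O "$path" ]; then
        echo "ticket cache is not owned by the current user: $path" >&2
        return 4
    fi

    # Characters 5-10 of the mode string are the group and other permission bits.
    if [ "$(ls -ld -- "$path" | cut -c5-10)" != "------" ]; then
        echo "warning: $path is accessible to other users" >&2
    fi

    printf '%s%s\n' '-Duser.krb5ccname=' "$path"
}

# Usage: arg=$(krb5cc_jvm_arg "$KRB5CCNAME") && append "$arg" to the Studio
# start command as described in the quoted reply.
```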

