On 03/29/12 12:18 +0100, luxInteg wrote:
Greetings,
i am new to this list. I have a computer with these:-
cpu: amd64 2 cores
os linux 64bit distro=cblfs kernel-3.2.1, gcc-4.5.2
auth progs: MIT-kerberos-1.10, sasl-2.1.25. openldap-2.4.29
I verified ldap is running without sasl with the ldapsearch command like
so:-
ldapsearch -xWLLL "ou=people" -H ldaps://tester.example.com
When I tried the same command for a sasl bind:-
ldappsearch -LLL "ou=people" -H ldaps://tester.example.com
I get this
###################################################
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: GSSAPI Failure:
gss_accept_sec_context
###################################################
When I didpensed with tls i.e. I do
ldappsearch -LLL "ou=people" -H ldap://tester.example.com
I get the same result.
It seems that there is something wrong with sasl-installation and I would
be grateful for some advice including source of any needed patches.
To apply the patch I mentioned on the openldap list:
wget ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.25.tar.gz
wget -O gssapi-flags.patch https://bugzilla.cyrusimap.org/attachment.cgi?id=1393
tar -xvzf cyrus-sasl-2.1.25.tar.gz
cd cyrus-sasl-2.1.25/
patch -p1 < ../gssapi-flags.patch
Then ./configure etc. If you're using a package from an OS that you did
not compile yourself, consider filing a bug with your vendor to get them
to review this patch for inclusion.
Another patch you may want to look at is:
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3445
--
Dan White
