I've only just started playing with Kerberos and SASL. So I'm not 100% sure if this is normal behavior. My ldapsearches work, but on the server, I need 3 bind attempts before actually binding successfully. The first 2 throw err=14 SASL bind in progress, then the third always works.

From the server

[06/Oct/2010:16:55:47 +0000] conn=16 fd=64 slot=64 connection from 192.xx.xxx.xxx to 192.xx.xxx.xxx
[06/Oct/2010:16:55:47 +0000] conn=16 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:55:47 +0000] conn=16 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[06/Oct/2010:16:55:47 +0000] conn=16 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:55:47 +0000] conn=16 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[06/Oct/2010:16:55:47 +0000] conn=16 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:55:47 +0000] conn=16 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ryan,ou=people,dc=xxx,dc=xx,dc=xx,dc=xx"
[06/Oct/2010:16:55:47 +0000] conn=16 op=3 SRCH base="dc=xxx,dc=xx,dc=xx,dc=xx" scope=2 filter="(objectClass=*)" attrs=ALL
[06/Oct/2010:16:55:47 +0000] conn=16 op=3 RESULT err=0 tag=101 nentries=10 etime=0 notes=U
[06/Oct/2010:16:55:47 +0000] conn=16 op=4 UNBIND
[06/Oct/2010:16:55:47 +0000] conn=16 op=4 fd=64 closed - U1

and the client

ryan@krbclient:~$ ldapsearch -Y GSSAPI -h kerberos -b "dc=xxx,dc=xx,dc=xx,dc=xx" "objectclass=*"
SASL/GSSAPI authentication started
SASL username: ryan@xxxxxxxxxxxx
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=xx,dc=xx,dc=xx> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

# xxx.xx.xx.xx
dn: dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: domain
dc: isb

# Directory Administrators, xxx.xx.xx.xx
dn: cn=Directory Administrators,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager

# Groups, xxx.xx.xx.xx
dn: ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: organizationalunit
ou: Groups

# People, xxx.xx.xx.xx
dn: ou=People,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: organizationalunit
ou: People

# Special Users, xxx.xx.xx.xx
dn: ou=Special Users,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts

# Accounting Managers, Groups, xxx.xx.xx.xx
dn: cn=Accounting Managers,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager

# HR Managers, Groups, xxx.xx.xx.xx
dn: cn=HR Managers,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager

# QA Managers, Groups, xxx.xx.xx.xx
dn: cn=QA Managers,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager

# PD Managers, Groups, xxx.xx.xx.xx
dn: cn=PD Managers,ou=Groups,dc=xxx,dc=xx,dc=xx,dc=xx
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager

# ryan, People, xxx.xx.xx.xx
dn: uid=ryan,ou=People,dc=xxx,dc=xx,dc=xx,dc=xx
uid: ryan
givenName: ryan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: braun
cn: ryan

# search result
search: 4
result: 0 Success

# numResponses: 11
# numEntries: 10

Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun@xxxxxxxx
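
An added example, not part of the original post and not 389 Directory Server code: LDAP result code 14 is saslBindInProgress, which a server returns for each intermediate step of a multi-step SASL exchange such as GSSAPI, so a log reviewer can group SASL BIND results per connection and separate completed handshakes from failed or abandoned ones. The function names are hypothetical; the conn=16 lines are copied from the post and the conn=17 lines are constructed.

```python
import re
from collections import defaultdict

# conn=16 lines are copied from the post; conn=17 lines are constructed.
SAMPLE_LOG = '''\
[06/Oct/2010:16:55:47 +0000] conn=16 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:55:47 +0000] conn=16 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[06/Oct/2010:16:55:47 +0000] conn=16 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:55:47 +0000] conn=16 op=1 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[06/Oct/2010:16:55:47 +0000] conn=16 op=2 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:55:47 +0000] conn=16 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ryan,ou=people,dc=xxx,dc=xx,dc=xx,dc=xx"
[06/Oct/2010:16:56:02 +0000] conn=17 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:56:02 +0000] conn=17 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[06/Oct/2010:16:56:02 +0000] conn=17 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[06/Oct/2010:16:56:02 +0000] conn=17 op=1 RESULT err=49 tag=97 nentries=0 etime=0
'''

SASL_BIND = re.compile(r"conn=(\d+) op=(\d+) BIND .*method=sasl")
BIND_RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+) tag=97\b")  # 97 = BindResponse
IN_PROGRESS = 14  # LDAP resultCode saslBindInProgress (RFC 4511)

def sasl_bind_results(log_text):
    """Return {conn: [err, ...]} for results that answer SASL BIND operations."""
    sasl_ops, results = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = SASL_BIND.search(line)
        if m:
            sasl_ops.add(m.groups())
            continue
        m = BIND_RESULT.search(line)
        if m and m.groups()[:2] in sasl_ops:
            results[int(m.group(1))].append(int(m.group(3)))
    return dict(results)

def handshakes(errs):
    """Split a connection's results into handshakes: [(outcome, round_trips), ...]."""
    out, steps = [], 0
    for err in errs:
        steps += 1
        if err == IN_PROGRESS:
            continue  # intermediate step, the exchange is still running
        out.append(("completed" if err == 0 else f"failed err={err}", steps))
        steps = 0
    if steps:
        out.append(("incomplete", steps))  # ended while still in progress
    return out

def summarize(log_text):
    return {c: handshakes(e) for c, e in sasl_bind_results(log_text).items()}

if __name__ == "__main__":
    for conn, result in summarize(SAMPLE_LOG).items():
        print(conn, result)
```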