[28849] in Kerberos

Re: Interaction between OpenLDAP and Kerberos through SASL

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Dec 5 10:38:56 2007

Message-ID: <4756C4E3.5000707@anl.gov>
Date: Wed, 05 Dec 2007 09:33:55 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Andrea <acirulli@gmail.com>
In-Reply-To: <8c02ac93-8510-4664-af2b-28628ae612e0@a35g2000prf.googlegroups.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu



Andrea wrote:
> Any suggestions about how to use Kerberos in OpenLDAP through SASL
> mechanisms or some other mechanism?

It is done by GSSAPI.

ldapsearch -Y GSSAPI  and maybe the -R realm -U user

On the server the bind DN looks like uid=user,cn=gssapi,cn=auth;
you can map this to some other DN using sasl-regexp.

Then on the server you can add to /etc/default/slapd:
KRB5_KTNAME=/etc/ldap/krb5.keytab
export KRB5_KTNAME

The server runs under the principal LDAP/hostname@realm.


> 
> thx in advance,
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
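
An added example, not part of the original message and not OpenLDAP code: a small Python check that runs sasl-regexp rules of the kind mentioned above against sample bind DNs before the rules go into slapd.conf. The suffix dc=example,dc=com, the realm example.com and the sample DNs are constructed, and Python's re module stands in for slapd's regex engine.

```python
import re
import shlex

# Constructed slapd.conf fragment; the suffix and the realm are assumptions.
SLAPD_CONF = """
# realm-qualified form first, then the default-realm form from the message
sasl-regexp uid=([^,/]+),cn=example.com,cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
sasl-regexp uid=([^,/]+),cn=gssapi,cn=auth uid=$1,ou=people,dc=example,dc=com
"""

# Constructed bind DNs as the server would see them after a GSSAPI bind.
SAMPLE_DNS = [
    "uid=user,cn=gssapi,cn=auth",                    # user in the default realm
    "uid=user,cn=example.com,cn=gssapi,cn=auth",     # realm spelled out
    "uid=host/ldap1.example.com,cn=gssapi,cn=auth",  # service principal
    "uid=user,cn=other.org,cn=gssapi,cn=auth",       # realm with no rule
]

def load_rules(conf_text):
    """Return [(compiled_match, replacement)] from sasl-regexp/authz-regexp lines."""
    rules = []
    for line in conf_text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) == 3 and fields[0].lower() in ("sasl-regexp", "authz-regexp"):
            # slapd writes back-references as $1; Python's re uses \1.
            replacement = re.sub(r"\$(\d)", r"\\\1", fields[2])
            # Case-insensitive matching is an assumption of this sketch.
            rules.append((re.compile(fields[1], re.IGNORECASE), replacement))
    return rules

def map_authn_dn(authn_dn, rules):
    """Apply the rules in order; the first match wins, None means unmapped."""
    for pattern, replacement in rules:
        # This sketch requires the whole DN to match, the conservative choice.
        m = pattern.fullmatch(authn_dn)
        if m:
            return m.expand(replacement)
    return None

if __name__ == "__main__":
    rules = load_rules(SLAPD_CONF)
    for dn in SAMPLE_DNS:
        print(f"{dn} -> {map_authn_dn(dn, rules)}")
```

Excluding "/" from the captured name keeps service principals such as host/... from being mapped onto a user entry; an unmapped identity keeps its cn=auth DN and only has whatever access the ACLs grant to that DN.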