Interaction between OpenLDAP and Kerberos through SASL - Kerberos

  1. Interaction between OpenLDAP and Kerberos through SASL

    Any suggestions about how to use Kerberos in OpenLDAP through SASL
    mechanisms or some other mechanism?

    thx in advance,

  2. Re: Interaction between OpenLDAP and Kerberos through SASL



    Andrea wrote:
    > Any suggestions about how to use Kerberos in OpenLDAP through SASL
    > mechanisms or some other mechanism?


    It is done by GSSAPI.

    ldapsearch -Y GSSAPI and maybe the -R realm -U user

    On the server the bind DN looks like uid=user,cn=gssapi,cn=auth;
    you can map this using the sasl-regexp to some other DN.

    Then on the server you can add to /etc/default/slapd:
    KRB5_KTNAME=/etc/ldap/krb5.keytab
    export KRB5_KTNAME

    The server runs under the principal LDAP/hostname@realm


    >
    > thx in advance,
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >


    --

    Douglas E. Engert
    Argonne National Laboratory
    9700 South Cass Avenue
    Argonne, Illinois 60439
    (630) 252-5444
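
The sasl-regexp mapping mentioned in the reply above, modelled as an added Python example (not code from the thread or from OpenLDAP): it builds the bind DN in the form the reply gives and applies constructed rules, comparing a loose capture with one that refuses instance principals such as host/... The realm EXAMPLE.COM, the ou=people,dc=example,dc=com suffix, the cn=<realm> component for non-default realms and the lower-casing are assumptions.

```python
import re

# Constructed sasl-regexp rules in slapd syntax ($1 = first capture group).
# The ou=people,dc=example,dc=com suffix is an assumption, not from the thread.
TARGET = "uid=$1,ou=people,dc=example,dc=com"
LOOSE = [(r"^uid=([^,]+),cn=gssapi,cn=auth$", TARGET)]
# [^,/]+ refuses instance principals such as host/... or user/admin.
STRICT = [(r"^uid=([^,/]+),cn=gssapi,cn=auth$", TARGET)]


def sasl_auth_dn(principal, default_realm="EXAMPLE.COM"):
    """Model the bind DN the server derives from a GSSAPI principal."""
    user, _, realm = principal.partition("@")
    if realm and realm.upper() != default_realm.upper():
        # Assumption: a non-default realm appears as an extra cn=<realm> RDN.
        dn = f"uid={user},cn={realm},cn=gssapi,cn=auth"
    else:
        dn = f"uid={user},cn=gssapi,cn=auth"
    # Assumption: lower-cased so rules compare against one spelling.
    return dn.lower()


def map_auth_dn(auth_dn, rules):
    """Return the DN produced by the first matching rule, or None."""
    for pattern, replacement in rules:
        match = re.search(pattern, auth_dn)
        if match:
            # Translate slapd's $1 into Python's \g<1> before expanding.
            template = re.sub(r"\$(\d)", r"\\g<\1>", replacement)
            return match.expand(template)
    return None  # unmapped: the identity stays under cn=auth


if __name__ == "__main__":
    # Constructed principals: a user, a host service, a foreign-realm user.
    samples = ("alice@EXAMPLE.COM",
               "host/ldap.example.com@EXAMPLE.COM",
               "mallory@OTHER.REALM")
    for principal in samples:
        dn = sasl_auth_dn(principal)
        print(principal)
        print("  auth DN:", dn)
        print("  loose  :", map_auth_dn(dn, LOOSE))
        print("  strict :", map_auth_dn(dn, STRICT))
```

With the loose rule the host principal is mapped into the people subtree and inherits whatever ACLs apply there; the strict rule leaves it unmapped.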
