Charles Hymes writes:

> I'm having a real hard time debugging this, and the moment I think it's
> a Kerberos config problem, and not really LDAP. I'm trying to do a new
> ldap+MIT kerberos install , on a new Fedora 7 box. I can kinit, but I
> can't get ldapsearch or ldapwhoami to work locally. I thought it was a
> read problem with the keytab files, but I tried setting KRB5_KTNAME to a
> keytab file I knew ware readable by slapd, and that did not help. I also
> checked permissions on my certificates, and that seems OK too.
> ldapsearch -x does work, but ldapsearch -Y GSSAPI does not.


Do you have the Cyrus SASL GSSAPI modules installed on the server?

--
Russ Allbery (rra@stanford.edu)