Barry R Ribbeck wrote:
I am trying to use SASL-GSSAPI to leverage our Kerberos V
authentication REALM with Fedora Directory server. When I search
anonymously for supported SASL mechanisms, I get the following
response. Seeing GSSAPI is comforting, but I am sure that is not the
whole story. I am running the directory on RHL E3 with SASL2. What I
am looking for are some docs for the entire process. Turbo
Fredriksson has some excellent docs on Open LDAP, but they don't seem
to map well to the Fedora Directory. Any suggestion would be greatly
apprectiated and I would love to document the process for others.
There isn't a whole lot to document here, since the server is punting
the payload to GSSAPI,
much the same as OL does. The differences are in user identity mapping,
but it would appear
that you haven't got that far yet. The initial handshake isn't completing.
When I attempt to bind to the directory and search for the same
information with the command line below.
ldapsearch -Y GSSAPI -X u:<valid uid> -b "" -s base -LLL -H
Did you really mean to initiate a SASL/GSSAPI bind over SSL ?
I'm not sure that will work. It might, but it may not be supported.
I know for sure that encrypted gssapi will _not_ work. It uses the
same layered I/O hooks that SSL does, and you can't have both
active at the same time (nor would you want to AFAIK).
Try the non-ssl port and see what happens.