[Bug 229252] [NEW] slapd gssapi failure
Launchpad Bug Tracker
229252 at bugs.launchpad.net
Tue Jul 22 15:50:24 BST 2008
You have been subscribed to a public bug:
Binary package hint: slapd
I'm setting up an ldap server allowing gssapi (kerberos) authentication,
and it looks like the slapd daemon does not work properly. I've tried
with both sasl-gssapi flavours (MIT & heimdal), and both fail when the
slapd is running on the Ubuntu (hardy) box, but work properly when the
slapd is on a Debian (etch) box.
The behaviour (described below) is the same when I supply the proper
KRB5_KTNAME on /etc/default/slapd and when no keytab is supplied there,
so it looks like the environment variable is not honoured.
When using the Heimdal-GSSAPI library, I get
ldap_sasl_interactive_bind_s: Invalid credentials (49)
MIT-GSSAPI library gives
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
and on the credential cache I see two tickets for an ldap principal, one with the realm and another one that looks realm-less.
There is also a quite probably related syslog message (selinux disabled, keytab owned by openldap user):
kernel: [ 783.797967] audit(1210511590.180:11): type=1503 operation="inode_permission" requested_mask="::a" denied_mask="::a" name="/dev/tty" pid=7408 profile="/usr/sbin/slapd" namespace="default"
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
--
slapd gssapi failure
https://bugs.launchpad.net/bugs/229252
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu.