Bug 129448 - no sasl-authentication on a slave-slapd
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openldap
Version: 3.0
Hardware: All Linux
Assignee: Nalin Dahyabhai
QA Contact: Jay Turner
Reported: 2004-08-09 11:14 UTC by Thorsten Scherf
Modified: 2015-01-08 00:08 UTC (History)
Last Closed: 2004-08-13 19:45:00 UTC

Description Thorsten Scherf 2004-08-09 11:14:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
after setting up a slave-slapd and creating a principal for that host
on the master-kdc, still no sasl-authentication is possible for a
client-request. no problems to query the master-slapd with
sasl-authentication.

keytab-file on the slave is extracted and in /etc/sysconfig/ldap I
also point the daemon to the keytab file. all permissions are set
correctly.

the error message on the client:

ldapsearch -h file.rhel.homelinux.com -b "dc=example,dc=com" "(uid=tscherf)"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name;

this error also exists on other machines where we tested the same setup.



Version-Release number of selected component (if applicable):
openldap-2.0.27-11

How reproducible:
Always

Steps to Reproduce:
1. set up a slapd with sasl-authentication
2. create a principal for this host on the kdc, extract the keytab
3. query the slave-slapd
    

Actual Results:
ldapsearch -h file.rhel.homelinux.com -b "dc=example,dc=com" "(uid=tscherf)"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name;


Expected Results:  the correct entry, as it is shown, if asking the
master-slapd


Additional info:

Comment 1 Thorsten Scherf 2004-08-13 19:45:00 UTC
Not a bug. You have to point the sasl-host name in slapd.conf (on the
slave) to the slave-slapd, not to the master.

after that, everything works as expected.
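
The mismatch described in Comment 1 can be checked on the slave before slapd is restarted. The script below is an added example, not part of the original report: it compares the sasl-host value in slapd.conf with the ldap/<host> principals listed by `klist -k`, assuming slapd's GSSAPI principal is ldap/<sasl-host>@REALM. The host names, realm and keytab path are constructed placeholders.

```shell
#!/bin/sh
# Added example: does the keytab hold a key for the host named by sasl-host?
# Assumes slapd's GSSAPI principal is ldap/<sasl-host>@REALM.

# Print the value of the last sasl-host directive in a slapd.conf file.
sasl_host_of() {
    awk 'tolower($1) == "sasl-host" { h = $2 } END { if (h != "") print h }' "$1"
}

# Read `klist -k` output on stdin; print each host that has an ldap/ key.
ldap_hosts_in_keytab() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^ldap\/[^@]+@/) {
             p = $i; sub(/^ldap\//, "", p); sub(/@.*$/, "", p)
             print tolower(p) } }' | sort -u
}

# check_sasl_host SLAPD_CONF KLIST_OUTPUT_FILE
# Returns 0 on a match, 1 on a mismatch, 2 if no sasl-host is configured.
check_sasl_host() {
    host=$(sasl_host_of "$1" | tr 'A-Z' 'a-z')
    [ -n "$host" ] || { echo "no sasl-host directive in $1"; return 2; }
    if ldap_hosts_in_keytab < "$2" | grep -Fqx "$host"; then
        echo "OK: keytab holds ldap/$host"
    else
        echo "MISMATCH: sasl-host is $host but the keytab has no ldap/$host key"
        return 1
    fi
}

# Constructed sample data: a slave whose slapd.conf still names the master.
demo() {
    dir=$(mktemp -d)
    printf 'sasl-host master.example.com\n' > "$dir/copied.conf"
    printf 'sasl-host slave.example.com\n'  > "$dir/fixed.conf"
    cat > "$dir/klist.txt" <<'EOF'
Keytab name: FILE:/path/to/ldap.keytab
KVNO Principal
---- --------------------------------------
   3 ldap/slave.example.com@EXAMPLE.COM
EOF
    rc1=0; check_sasl_host "$dir/copied.conf" "$dir/klist.txt" || rc1=$?
    rc2=0; check_sasl_host "$dir/fixed.conf"  "$dir/klist.txt" || rc2=$?
    rm -rf "$dir"
    echo "copied config rc=$rc1, fixed config rc=$rc2"
}
demo
```

On a real slave, save the output of `klist -k` for the keytab slapd uses to a file and pass that file as the second argument.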




