Bug 129448 - no sasl-authentication on a slave-slapd
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openldap
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
Jay Turner
Reported: 2004-08-09 07:14 EDT by Thorsten Scherf
Modified: 2015-01-07 19:08 EST
Doc Type: Bug Fix
Last Closed: 2004-08-13 15:45:00 EDT
Description Thorsten Scherf 2004-08-09 07:14:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
After setting up a slave-slapd and creating a principal for that host
on the master-kdc, still no sasl-authentication is possible for a
client-request. There are no problems querying the master-slapd with
sasl-authentication.

The keytab-file on the slave is extracted, and in /etc/sysconfig/ldap I
also point the daemon to the keytab file. All permissions are set
correctly.

The error message on the client:

ldapsearch -h file.rhel.homelinux.com -b "dc=example,dc=com" "(uid=tscherf)"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name;

This error also exists on other machines where we tested the same setup.



Version-Release number of selected component (if applicable):
openldap-2.0.27-11

How reproducible:
Always

Steps to Reproduce:
1. Set up a slapd with sasl-authentication
2. Create a principal for this host on the kdc, extract the keytab
3. Query the slave-slapd

Actual Results:
ldapsearch -h file.rhel.homelinux.com -b "dc=example,dc=com" "(uid=tscherf)"
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown error
        additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name;


Expected Results: the correct entry, as it is shown when asking the
master-slapd


Additional info:
Comment 1 Thorsten Scherf 2004-08-13 15:45:00 EDT
Not a bug. You have to point the sasl-host name in slapd.conf (on the
slave) to the slave-slapd, not to the master.

After that, everything works as expected.
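
The mismatch resolved in Comment 1, as an added example that is not part of the original bug report: it compares the service principal implied by the sasl-host line in slapd.conf with the principals listed by klist -k for the slave's keytab. The host names, realm, keytab path and the helper names are constructed assumptions, and the realm is passed in rather than read from any configuration.

```python
import re

# Constructed sample inputs (not from the bug report): a slave's slapd.conf that
# still carries the master's sasl-host, and `klist -k` output for the slave keytab.
REALM = "EXAMPLE.COM"  # assumed Kerberos realm of both hosts
SLAPD_CONF_COPIED = """\
# slapd.conf on the slave, copied unchanged from the master
sasl-host   master.example.com
"""
SLAPD_CONF_FIXED = SLAPD_CONF_COPIED.replace("master.example.com", "slave.example.com")
KLIST_K_SLAVE = """\
Keytab name: FILE:/etc/openldap/ldap.keytab
KVNO Principal
---- ------------------------------------------------
   3 ldap/slave.example.com@EXAMPLE.COM
"""

def directive(conf, name):
    """Return the first value of a slapd.conf directive, skipping comment lines."""
    for line in conf.splitlines():
        m = re.match(rf"\s*{re.escape(name)}\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1)
    return None

def keytab_principals(klist_output):
    """Collect principals from the 'KVNO Principal' rows of klist -k output."""
    return set(re.findall(r"^\s*\d+\s+(\S+@\S+)\s*$", klist_output, re.M))

def check_sasl_host(conf, klist_output, realm=REALM):
    """Return (ok, wanted): is ldap/<sasl-host>@<realm> present in the keytab?"""
    host = directive(conf, "sasl-host")
    if host is None:
        return False, None  # no sasl-host line, nothing to compare
    wanted = f"ldap/{host}@{realm}"
    return wanted in keytab_principals(klist_output), wanted

if __name__ == "__main__":
    for label, conf in (("copied", SLAPD_CONF_COPIED), ("fixed", SLAPD_CONF_FIXED)):
        ok, wanted = check_sasl_host(conf, KLIST_K_SLAVE)
        print(f"{label}: {wanted} -> {'in keytab' if ok else 'NOT in keytab'}")
```

With the copied configuration the wanted principal names the master and is absent from the slave's keytab, which is the condition behind "No principal in keytab matches desired name".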


