dogghaus n00b
Joined: 17 Nov 2003 Posts: 58
Posted: Wed Dec 31, 2003 7:53 pm Post subject: LDAP server not compiled with SASL support
Hi, I've tried setting up gentoo to authenticate to my existing ldap server, and I am not having any luck. When I try to bind using sasl, I get the error "ldap not compiled with sasl support." Since all my user passwords are stored in a krb5 database, ldap needs to be compiled with sasl in order to bind to the krb5 server. Am I wrong about this? I have been using pretty much the same setup for three years now, running on redhat boxes.
Also, I can't log in remotely via ssh (as anyone but root) or ftp (at all). I adjusted the pam settings (system-auth) as recommended in the ldap authentication guide, no luck. I adjusted the pam settings again to match my redhat boxes, now I can't log in even as root locally. So I know it is doing something, just not what I want.
I compiled ldap with kerberos support; when using simple bind, ssl, or tls, gssapi came back as an SASL mechanism. I can run ldapadd and kadmin, so it is connecting, just no luck with the user authentication. My make.conf has ldap,kerberos,sasl,ssl, and pam in the use statement.
Since I can't log in, I can't retrieve any log entries, but they were fairly generic "user not found" errors. I am reloading the machine. My main goal is to replace my redhat cyrus-imap/postfix server. I store all passwords (redirected to krb5), aliases, horde stuff, etc in ldap.
If anyone has any pointers or has done this on a gentoo box, please let me know if you have any advice or if I am brainfarting this.
 |
eNut n00b
Joined: 13 Jun 2003 Posts: 36
Posted: Wed Dec 31, 2003 8:44 pm Post subject:
Sounds like you should re-emerge LDAP with SASL in your USE flags. If you did that then I dunno
 |
dogghaus n00b
Joined: 17 Nov 2003 Posts: 58
Posted: Wed Dec 31, 2003 8:49 pm Post subject:
I tried, and emerge stated it was not a valid option. The options I stated in my make.conf were the only pertinent ones.
 |
rt_clik n00b
Joined: 18 Jun 2002 Posts: 70 Location: Rohnert Park, California, US
Posted: Wed Jan 14, 2004 11:53 pm Post subject: Recent experience...
Trying to get my LDAP test server up and running (securely), and have been running into all sorts of TLS errors on the LDAP connection. Thinking they may be somewhat related to the SASL errors I've seen in connection attempts remotely, I went looking to recompile openldap with SASL support. There is a USE flag, but in order for it to be valid for the openldap build you must have SASL installed.
cyrus-sasl is the only package that makes any sense. My rebuild of openldap borked later along the compile, but seemed happy during the config when using the USE="sasl" flag. Now, I've just got to diagnose my other breakage.
Hope this helps someone.
 |