SASL GSSAPI with DS 5.2 server, and OpenLDAP clients

807573 Jan 31 2007 — edited Mar 2 2007

I am trying to use SASL GSSAPI to authenticate clients with DS 5.2 P4. All went well, and I enabled GSSAPI, set up identity mappings, etc., and it works fine when testing with 'ldapsearch' on a Solaris 10 client.

Using a Linux client, however, with OpenLDAP's ldapsearch (and Cyrus SASL, MIT Kerberos), GSSAPI authentication fails with this error, every single time:

    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): authentication failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Unknown code 188)

This appears to be an error message generated by DS5.2, and not the OpenLDAP ldapsearch client, since scanning the packets of the exchange shows this message appearing in the bindResponse traffic returning from the DS5.2 server.

I cannot get any DS5.2 logs to give me any useful information, presumably because everything is just passed off to the SASL library. Does GSSAPI authentication work with non-Sun clients? Is there any way to debug the SASL error and see what is going wrong?

Post Details

Locked on Mar 30 2007
Added on Jan 31 2007