OpenLDAP Setup help: SASL/GSSAPI authentication started

Question

I am trying to setup & configure OpenLDAP on Fedora Core 13. I've gotten as far as compiling and installing OpenLDAP v2.4.23.

Whenever I try to run one of the LDAP commands (like ldapsearch), I get the following error message:

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)

I looked up on this on Google and one solution seems to be configuring Kerberos to work properly first using kinit.

However, I do not want Kerberos on my system. Is it possible to make OpenLDAP not use Kerberos at all? Do I need to compile with a suitable option? Or is it that I MUST use Kerberos with OpenLDAP?

FWIW, `GSSAPI` is only _one_ SASL mechanism. There are several others, including `PLAIN`. — user1686, Feb 07 '11 at 21:04

score 5 · Answer 1 · answered Feb 07 '11 at 12:18

5

If you don't want to authenticate with Kerberos, you need to tell the OpenLDAP tools that by using the -x command line option. From the man page for ldapsearch:

       -x     Use simple authentication instead of SASL.

When using -x, you will also need -D, to specify your bind DN, and you will need to provide the password via either -W (to prompt for the password) or -y file to read the password from file.

answered Feb 07 '11 at 12:18

larsks

41,276
13
117
170

So, did this answer help out? – larsks Feb 12 '11 at 02:27

OpenLDAP Setup help: SASL/GSSAPI authentication started

1 Answers1