I am trying to set up & configure OpenLDAP on Fedora Core 13. I've gotten as far as compiling and installing OpenLDAP v2.4.23.

Whenever I try to run one of the LDAP commands (like ldapsearch), I get the following error message:

    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
            additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)

I looked this up on Google and one solution seems to be configuring Kerberos to work properly first using kinit.

However, I do not want Kerberos on my system. Is it possible to make OpenLDAP not use Kerberos at all? Do I need to compile with a suitable option? Or is it that I MUST use Kerberos with OpenLDAP?

masegaloeh

1 Answer

If you don't want to authenticate with Kerberos, you need to tell the OpenLDAP tools that by using the -x command line option. From the man page for ldapsearch:

       -x     Use simple authentication instead of SASL.

When using -x, you will also need -D, to specify your bind DN, and you will need to provide the password via either -W (to prompt for the password) or -y file to read the password from file.

larsks
  • Is there any appropriate syntax for ldap.conf, to make it default for every program? – Alex Povolotsky Feb 18 '23 at 16:01
  • Looking at the [docs for ldap.conf](https://openldap.org/software/man.cgi?query=ldap.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.5-Release&arch=default&format=html), I don't see anything that seems likely. I think "how to bind" is generally left up to the individual application. – larsks Feb 18 '23 at 18:25
  • oook, moving from my old setup to new becoming quite interesting. I'd say it's becoming TOO interesting – Alex Povolotsky Feb 20 '23 at 09:23
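
The simple bind described in the answer (`-x` with `-D` and `-y`), as an added example that is not part of the original answer or comments. It additionally passes `-ZZ` so the bind password is only sent after StartTLS succeeds; the helper names and every URI, DN and path are assumptions, and the server is assumed to support StartTLS.

```shell
#!/bin/sh
# Added example (not from the original thread). The function names and all
# URIs, DNs and paths passed to them are placeholders, not real values.

# Read the bind password from stdin and store it for ldapsearch -y.
# -y uses the complete file contents as the password, so the file must not
# end in a newline; printf '%s' writes the bytes and nothing else.
write_bind_pw() {
    (
        umask 077                          # create the file owner-only
        IFS= read -r pw || [ -n "$pw" ]    # accept input with or without a final newline
        printf '%s' "$pw" > "$1"
        chmod 600 "$1"                     # tighten a file that already existed
    )
}

# Refuse password files that other users can read or that would make the
# bind fail because of a trailing newline.
check_bind_pw() {
    [ -f "$1" ] || { echo "no such password file: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "too permissive: $perms" >&2; return 1; }
    # $(...) strips trailing newlines, so this is empty when the file is
    # empty or its last byte is a newline.
    [ -n "$(tail -c 1 "$1")" ] || { echo "empty or ends in newline: $1" >&2; return 1; }
}

# Simple bind without SASL/GSSAPI:
#   -x  simple authentication instead of SASL
#   -ZZ require StartTLS before the password is sent
#   -D  bind DN, -y password file, -H server URI, -b search base
ldap_simple_search() {
    uri=$1
    bind_dn=$2
    pwfile=$3
    base=$4
    filter=${5:-"(objectClass=*)"}
    check_bind_pw "$pwfile" || return 1
    ldapsearch -x -ZZ -H "$uri" -D "$bind_dn" -y "$pwfile" -b "$base" "$filter"
}

# Usage (placeholder values):
#   write_bind_pw "$HOME/.ldap-bind-pw"    # type the password, press Enter
#   ldap_simple_search ldap://ldap.example.com \
#       "cn=admin,dc=example,dc=com" "$HOME/.ldap-bind-pw" "dc=example,dc=com"
```
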