#29 Adding krb5_principal option
Closed: Fixed Opened by zpericic.

We should add a separate option for the Kerberos principal in the keytab.

For some reason OpenLDAP refuses login if I use sasl_user. OpenLDAP tries to do a proxy login, which always fails. openldap-client sends an empty sasl_user for GSSAPI login. To send an empty sasl_user we need a separate option for the krb5 principal so we could init the keytab.

Here is a sample config:

    dynamic-db "ldapdns" {
        library "ldap.so";
        arg "connections 2";
        arg "uri ldap://myhost";
        arg "base ou=DNS,dc=mybase";
        arg "cache_ttl 300";
        arg "auth_method sasl";
        arg "krb5_keytab FILE:/etc/named/named.keytab";
        arg "krb5_principal dns/myhost";
        arg "sasl_mech GSSAPI";
    };


Fixed, thanks for the patch.

http://git.fedorahosted.org/git/?p=bind-dyndb-ldap.git;a=commit;h=6b0005895bfba65dc8b5497075aa17935a21b18d

Metadata Update from @zpericic:
- Issue assigned to mnagy
- Issue set to the milestone: 0.1.1ipa
