Posted to dev@directory.apache.org by Bill MacAllister <bi...@ca-zephyr.org> on 2019/08/30 17:47:29 UTC
Apache Directory Studio and Kerberos
I am trying to use krb authentication to connect to an OpenLDAP server using ADS. I keep getting the error "Missing schema locations in RootDSE, using default schema".
Looking at the log on the server and comparing anon connections to krb connections I see that the anon sequence of operations starts with a BIND and the krb does not.
Note, the Check Authentication for the krb connection returns "The authentication was successful". This is on a debian buster system using ADS Version: 2.0.0.v20180908-M14.
I should note that I can view the schema using ldapsearch with a valid kerberos ticket cache.
Any ideas on things I can try?
Bill
--
Bill MacAllister <bi...@ca-zephyr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org
Re: Apache Directory Studio and Kerberos
Posted by Bill MacAllister <bi...@ca-zephyr.org>.
On 2019-08-30 10:57, Bill MacAllister wrote:
> I should have mentioned that I had the SASL parameters set to "Authentication with integrity and privacy protection". When I change this setting to "Authentication Only" I am able to see data in the directory.
And I was able to return data with auth-only because of a misconfiguration in the directory. Once I specified auth-with-integrity-privacy I was not able to retrieve the schema or see any data.
Bill
--
Bill MacAllister <bi...@ca-zephyr.org>
Re: Apache Directory Studio and Kerberos
Posted by Bill MacAllister <bi...@ca-zephyr.org>.
On 2019-08-30 10:47, Bill MacAllister wrote:
> I am trying to use krb authentication to connect to an OpenLDAP server using ADS. I keep getting the error "Missing schema locations in RootDSE, using default schema".
> Looking at the log on the server and comparing anon connections to krb connections I see that the anon sequence of operations starts with a BIND and the krb does not.
> Note, the Check Authentication for the krb connection returns "The authentication was successful". This is on a debian buster system using ADS Version: 2.0.0.v20180908-M14.
I should have mentioned that I had the SASL parameters set to "Authentication with integrity and privacy protection". When I change this setting to "Authentication Only" I am able to see data in the directory.
Bill
--
Bill MacAllister <bi...@ca-zephyr.org>