For GSS-API bind to succeed we should fix /etc/chroot.d/ldap.conf: 1) copy (if exist) /etc/krb5.conf and /etc/openldap/ldap.keytab to /var/lib/ldap/etc/ 2) export KRB5_KTNAME if file /etc/openldap/ldap.keytab exists 3) provide /var/lib/ldap/var/tmp directory 4) I'd suggest to remove symlink /etc/openldap/ssl and use directory with the same name. Here how I made it to work: --------------------------- # subst 's:\(.*for f in slapd.conf rootdse.ldif\)\(.*\):\1 ldap.keytab\2:' /etc/chroot.d/ldap.conf # echo 'Copy -gldap -m640 $force /etc/krb5.conf etc/krb5.conf [ -d /var/lib/ldap/var/tmp ] || install -gldap -oldap -d /var/lib/ldap/var/tmp' >>/etc/chroot.d/ldap.conf # echo ' [ -f /etc/openldap/ldap.keytab ] && \ export KRB5_KTNAME=/etc/openldap/ldap.keytab' >>/etc/sysconfig/ldap # rm -f /etc/openldap/ssl; mkdir /etc/openldap/ssl Steps to Reproduce: 1. Install slapd 2. configure to support SASL 3. try ldapsearach Actual Results: will not work Expected Results: Should work out-of-box after user configure&install /etc/openldap/ldap.keytab and /etc/krb5.conf files
это применимо к 2.3.21-alt1?
To package maintainer.
Fixed in 2.3.39-alt1.