Bug 8241 - Please add support for GSSAPI to slapd chroot
: Please add support for GSSAPI to slapd chroot
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/openldap-servers)
: unstable
: all Linux
: P2 normal
Assigned To:
:
:
:
:
:
  Show dependency tree
 
Reported: 2005-10-16 20:22 by
Modified: 2008-06-13 12:16 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-10-16 20:22:38
For GSS-API bind to succeed we should fix /etc/chroot.d/ldap.conf:   
1) copy (if exist) /etc/krb5.conf and /etc/openldap/ldap.keytab   
to /var/lib/ldap/etc/   
2) export KRB5_KTNAME if file /etc/openldap/ldap.keytab exists 
3) provide /var/lib/ldap/var/tmp directory 
4) I'd suggest to remove symlink /etc/openldap/ssl and use directory with the 
same name. 
 
Here how I made it to work: 
--------------------------- 
# subst 's:\(.*for f in slapd.conf rootdse.ldif\)\(.*\):\1 
ldap.keytab\2:' /etc/chroot.d/ldap.conf 
 
# echo 'Copy -gldap -m640 $force /etc/krb5.conf etc/krb5.conf 
[ -d /var/lib/ldap/var/tmp ] || install -gldap -oldap -d /var/lib/ldap/var/tmp' 
>>/etc/chroot.d/ldap.conf 
 
# echo ' 
[ -f /etc/openldap/ldap.keytab ] && \ 
 export KRB5_KTNAME=/etc/openldap/ldap.keytab' >>/etc/sysconfig/ldap 
 
# rm -f /etc/openldap/ssl; mkdir /etc/openldap/ssl 
 
Steps to Reproduce:
1. Install slapd 
2. configure to support SASL 
3. try ldapsearach 
Actual Results:  
will not work 

Expected Results:  
Should work out-of-box after user configure&install /etc/openldap/ldap.keytab  
and /etc/krb5.conf files
------- Comment #1 From 2006-06-27 11:16:04 -------
это применимо к 2.3.21-alt1?
------- Comment #2 From 2007-08-07 12:41:40 -------
To package maintainer.
------- Comment #3 From 2007-11-13 15:00:22 -------
Fixed in 2.3.39-alt1.