Bug 8241 - Please add support for GSSAPI to slapd chroot
Summary: Please add support for GSSAPI to slapd chroot
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: openldap-servers (show other bugs)
Version: unstable
Hardware: all Linux
: P2 normal
Assignee: Anton V. Boyarshinov
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-16 20:22 MSD by Yurix
Modified: 2008-06-13 12:16 MSD (History)
9 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yurix 2005-10-16 20:22:38 MSD 
For GSS-API bind to succeed we should fix /etc/chroot.d/ldap.conf:   
1) copy (if exist) /etc/krb5.conf and /etc/openldap/ldap.keytab   
to /var/lib/ldap/etc/   
2) export KRB5_KTNAME if file /etc/openldap/ldap.keytab exists 
3) provide /var/lib/ldap/var/tmp directory 
4) I'd suggest to remove symlink /etc/openldap/ssl and use directory with the 
same name. 
 
Here how I made it to work: 
--------------------------- 
# subst 's:\(.*for f in slapd.conf rootdse.ldif\)\(.*\):\1 
ldap.keytab\2:' /etc/chroot.d/ldap.conf 
 
# echo 'Copy -gldap -m640 $force /etc/krb5.conf etc/krb5.conf 
[ -d /var/lib/ldap/var/tmp ] || install -gldap -oldap -d /var/lib/ldap/var/tmp' 
>>/etc/chroot.d/ldap.conf 
 
# echo ' 
[ -f /etc/openldap/ldap.keytab ] && \ 
 export KRB5_KTNAME=/etc/openldap/ldap.keytab' >>/etc/sysconfig/ldap 
 
# rm -f /etc/openldap/ssl; mkdir /etc/openldap/ssl 
 
Steps to Reproduce:
1. Install slapd 
2. configure to support SASL 
3. try ldapsearach 
Actual Results:  
will not work 

Expected Results:  
Should work out-of-box after user configure&install /etc/openldap/ldap.keytab  
and /etc/krb5.conf files
Comment 1 Michael Shigorin 2006-06-27 11:16:04 MSD 
это применимо к 2.3.21-alt1?
Comment 2 Dmitry V. Levin 2007-08-07 12:41:40 MSD 
To package maintainer.
Comment 3 Dmitry Lebkov 2007-11-13 15:00:22 MSK 
Fixed in 2.3.39-alt1.