I am trying to setup & configure OpenLDAP on Fedora Core 13. I've gotten as far as compiling and installing OpenLDAP v2.4.23.
Whenever I try to run one of the LDAP commands (like ldapsearch
), I get the following error message:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_0' not found)
I looked up on this on Google and one solution seems to be configuring Kerberos to work properly first using kinit.
However, I do not want Kerberos on my system. Is it possible to make OpenLDAP not use Kerberos at all? Do I need to compile with a suitable option? Or is it that I MUST use Kerberos with OpenLDAP?
Best Answer
If you don't want to authenticate with Kerberos, you need to tell the OpenLDAP tools that by using the
-x
command line option. From the man page forldapsearch
:When using
-x
, you will also need-D
, to specify your bind DN, and you will need to provide the password via either-W
(to prompt for the password) or-y file
to read the password from file.