RSS feed

Re: nslcd SASL bind fails

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd SASL bind fails

On 02/12/2012 05:04 PM, steve wrote:
Ubuntu 11.10
nslcd 0.8.4 from nslcd_0.8.4_i386.deb

I can't do a GSSAPI bind:
Feb 12 16:51:54 hh3 nslcd[3002]: [e8944a] <passwd="steve2"> failed to bind to LDAP server ldap:// Local error: No such file or directory

uid nslcd-user
gid nslcd-user
uri ldap://
base dc=hh3,dc=site
map    passwd uid              samAccountName
map    passwd homeDirectory    unixHomeDirectory
sasl_mech GSSAPI
sasl_realm HH3.SITE
krb5_ccname /tmp/krb5cc_0

There is a ticket cache at /tmp/krb5cc_0 and a conventional bind works fine. I can also use ldapsearch -Y GSSAPI and ldapmodify -Y GSSAPI

Any ideas?

Sorry. Forgot he details. I compiled from source from your site:

root@hh3:/tmp# getent passwd steve2

 nslcd -d
nslcd: DEBUG: add_uri(ldap://
nslcd: version 0.7.15 starting
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(126) done
nslcd: DEBUG: setuid(115) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=17216 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(steve2)
nslcd: [8b4567] DEBUG: myldap_search(base="dc=hh3,dc=site", filter="(&(objectClass=posixAccount)(sAMAccountName=steve2))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_sasl_bind_s("cn=Administrator,cn=Users,dc=hh3,dc=site","GSSAPI",NULL) (uri="ldap://";) nslcd: [8b4567] failed to bind to LDAP server ldap:// Invalid credentials
nslcd: [8b4567] DEBUG: ldap_unbind()
nslcd: [8b4567] no available LDAP server found

ldb_wrap open of secrets.ldb
GSS server Update(krb5)(1) Update failed: An unsupported mechanism was requested: unknown mech-code 0 for mech 1 2 840 113554 1 2 2

What is it saying? Which is at fault here?

To unsubscribe send an email to or see