kaddressbook: GSSAPI bind to OpenLDAP

James F. Hranicky jfh at cise.ufl.edu
Mon May 1 15:14:21 BST 2006 

Platform: SuSE 9.3 x86

I'm having trouble getting kaddressbook (in kontact) to bind to OpenLDAP
via SASL/GSSAPI. I have a valid ticket, but when I try to connect I get
this error popup:

    Authorization failed, ldap://server.cise.ufl.edu:389 
    authentication not supported

This message is sent to syslog:

   kio_ldap [kdeinit] kio_ldap ldap 
   /tmp/ksocket-jfh/klauncherkFTdqc.slave-socket 
   /tmp/ksocket-jfh/kontact292Sjc.slave-socket: 
   No worthy mechs found

I have the LDAP addressbook configured as follows:

	User		: user
	BindDN		: 
	Realm		: CISE.UFL.EDU
	Password	:
	Host		: server.cise.ufl.edu
	Port		: 389
	LDAP Version	: 3
	Size Limit	: default
	Time Limit	: default
	DN		: dc=cise,dc=ufl,dc=edu
	Filter		:
	Security	: No (no tls)
	Authentication	: SASL/GSSAPI

A connecton is made to the ldap server and then the error message pops up.

   conn=4608 fd=31 ACCEPT from IP=128.227.205.53:60717 (IP=0.0.0.0:389)
   conn=4608 op=0 UNBIND

What is odd is that I'm currently using SASL/GSSPI for both IMAP and SMTP
authentication with no problems. I can also using SASL/GSSAPI to bind to 
the ldap server using ldapsearch:

   /usr/bin/ldapsearch -H ldaps://server.cise.ufl.edu -Y GSSAPI -b
   uid=jfh,ou=Users,dc=cise,dc=ufl,dc=edu

   SASL/GSSAPI authentication started
   SASL username: jfh at CISE.UFL.EDU
   SASL SSF: 56
   SASL installing layers

   # jfh, Users, cise.ufl.edu
   dn: uid=jfh,ou=Users,dc=cise,dc=ufl,dc=edu

I also get a valid ldap ticket this way:

   % klist
   Credentials cache: FILE:/tmp/krb5cc_987
           Principal: jfh at CISE.UFL.EDU

     Issued           Expires          Principal
   May  1 08:36:34  May  1 13:36:34  krbtgt/CISE.UFL.EDU at CISE.UFL.EDU
   May  1 08:37:54  May  1 13:36:34  imap/server.cise.ufl.edu at CISE.UFL.EDU
   May  1 09:36:38  May  1 13:36:34  ldap/server.cise.ufl.edu at CISE.UFL.EDU

Is this something I'm doing wrong, or perhaps is there something wrong
with the way kio_ldap is compiled on SuSE ?

Thanks,

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list