
Java Forum / Security / February 2006


Kerberos+SASL+GSSAPI Java 1.5. problem

Dieter Schicker - 06 Feb 2006 12:29 GMT
Hi,

I have an application that does Kerberos authentication and then binds
to LDAP using SASL-GSSAPI. It works perfectly under Java 1.4.2 but it
doesn't run under Java 1.5.0. I attach the slapd log entries concerning
SASL of both versions.

<1.4.2>
Feb  6 13:23:43 buti slapd[16906]: do_sasl_bind: dn () mech GSSAPI
Feb  6 13:23:43 buti slapd[16906]: ==> sasl_bind: dn="" mech=GSSAPI datalen=474
Feb  6 13:23:43 buti slapd[16906]: send_ldap_sasl: err=14 len=0
Feb  6 13:23:44 buti slapd[16906]: <== slap_sasl_bind: rc=14
Feb  6 13:23:44 buti slapd[16906]: do_sasl_bind: dn () mech GSSAPI
Feb  6 13:23:44 buti slapd[16906]: ==> sasl_bind: dn="" mech=<continuing> datalen=0
Feb  6 13:23:44 buti slapd[16906]: send_ldap_sasl: err=14 len=53
Feb  6 13:23:44 buti slapd[16906]: <== slap_sasl_bind: rc=14
Feb  6 13:23:44 buti slapd[16906]: do_sasl_bind: dn () mech GSSAPI
Feb  6 13:23:44 buti slapd[16906]: ==> sasl_bind: dn="" mech=<continuing> datalen=53

<comment>Here the differences start</comment>

Feb  6 13:23:44 buti slapd[16906]: slap_sasl_getdn: id=didi [len=4]
Feb  6 13:23:44 buti slapd[16906]: slap_sasl_getdn: u:id converted to uid=didi,cn=GEWI.UNI-GRAZ.AT,cn=GSSAPI,cn=auth
Feb  6 13:23:44 buti slapd[16906]: ==>slap_sasl2dn: converting SASL name uid=didi,cn=gewi.uni-graz.at,cn=gssapi,cn=auth to a DN
Feb  6 13:23:44 buti slapd[16906]: slap_sasl_regexp: converting SASL name uid=didi,cn=gewi.uni-graz.at,cn=gssapi,cn=auth
Feb  6 13:23:44 buti slapd[16906]: slap_sasl_regexp: converted SASL name to cn=didi,ou=people,dc=xlab,dc=uni-graz,dc=at
Feb  6 13:23:44 buti slapd[16906]: <==slap_sasl2dn: Converted SASL name to cn=didi,ou=people,dc=xlab,dc=uni-graz,dc=at
Feb  6 13:23:44 buti slapd[16906]: send_ldap_sasl: err=0 len=-1
Feb  6 13:23:44 buti slapd[16906]: <== slap_sasl_bind: rc=0
</1.4.2>

<1.5>
Feb  6 13:25:05 buti slapd[16906]: do_sasl_bind: dn () mech GSSAPI
Feb  6 13:25:05 buti slapd[16906]: ==> sasl_bind: dn="" mech=GSSAPI datalen=474
Feb  6 13:25:05 buti slapd[16906]: send_ldap_sasl: err=14 len=0
Feb  6 13:25:05 buti slapd[16906]: <== slap_sasl_bind: rc=14
Feb  6 13:25:05 buti slapd[16906]: do_sasl_bind: dn () mech GSSAPI
Feb  6 13:25:05 buti slapd[16906]: ==> sasl_bind: dn="" mech=<continuing> datalen=0
Feb  6 13:25:05 buti slapd[16906]: send_ldap_sasl: err=14 len=53
Feb  6 13:25:05 buti slapd[16906]: <== slap_sasl_bind: rc=14
Feb  6 13:25:05 buti slapd[16906]: do_sasl_bind: dn () mech GSSAPI
Feb  6 13:25:05 buti slapd[16906]: ==> sasl_bind: dn="" mech=<continuing> datalen=53
Feb  6 13:25:05 buti slapd[16906]: <== slap_sasl_bind: rc=80
</1.5>

Maybe someone has an idea what's going wrong!?

Thanks in advance
Dieter
Dieter Schicker - 06 Feb 2006 12:37 GMT
What I forgot: The error message I get is

javax.naming.NamingException: [LDAP: error code 80 - SASL(-1): generic failure: GSSAPI Error: A token was invalid (No error)]

> Hi,
>
[quoted text clipped - 56 lines]
> Thanks in advance
> Dieter
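
The side-by-side comparison of the two slapd traces above, as an added Python example that is not part of the original thread: it strips the syslog prefix, reports the first step where a working and a failing SASL bind diverge, and names the final result code. The function names are hypothetical, the sample logs are constructed by abridging the thread's traces, and the result-code names are taken from RFC 4511.

```python
import re

# LDAP result codes (RFC 4511) that appear in slapd's "rc=" / "err=" fields.
LDAP_RC = {0: "success", 14: "saslBindInProgress", 80: "other"}

# syslog prefix: "Feb  6 13:23:43 host slapd[pid]: message"
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ slapd\[\d+\]: (.*)$")

def events(log):
    """Strip timestamp/host/pid so two runs can be compared step by step."""
    out = []
    for line in log.strip().splitlines():
        m = PREFIX.match(line.strip())
        if m:
            out.append(m.group(1))
    return out

def first_divergence(good, bad):
    """Return (index, good_event, bad_event) at the first differing step."""
    g, b = events(good), events(bad)
    for i in range(max(len(g), len(b))):
        ge = g[i] if i < len(g) else None
        be = b[i] if i < len(b) else None
        if ge != be:
            return i, ge, be
    return None

def final_result(log):
    """Code and name of the last slap_sasl_bind result in the trace."""
    rc = int(re.findall(r"<== slap_sasl_bind: rc=(\d+)", log)[-1])
    return rc, LDAP_RC.get(rc, "unknown")

# Constructed samples: abridged tail of each trace, wrapped lines rejoined.
GOOD = """
Feb  6 13:23:44 buti slapd[16906]: send_ldap_sasl: err=14 len=53
Feb  6 13:23:44 buti slapd[16906]: <== slap_sasl_bind: rc=14
Feb  6 13:23:44 buti slapd[16906]: ==> sasl_bind: dn="" mech=<continuing> datalen=53
Feb  6 13:23:44 buti slapd[16906]: slap_sasl_getdn: id=didi [len=4]
Feb  6 13:23:44 buti slapd[16906]: <== slap_sasl_bind: rc=0
"""
BAD = """
Feb  6 13:25:05 buti slapd[16906]: send_ldap_sasl: err=14 len=53
Feb  6 13:25:05 buti slapd[16906]: <== slap_sasl_bind: rc=14
Feb  6 13:25:05 buti slapd[16906]: ==> sasl_bind: dn="" mech=<continuing> datalen=53
Feb  6 13:25:05 buti slapd[16906]: <== slap_sasl_bind: rc=80
"""

if __name__ == "__main__":
    print(first_divergence(GOOD, BAD))
    print(final_result(GOOD), final_result(BAD))
```

Both runs are identical up to the client's 53-byte response; the failing run returns rc=80 before slapd ever reaches `slap_sasl_getdn`, so no identity mapping is attempted.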

