Hi,

I'm having problems with GSSAPI and LDAP. From the information available I have narrowed the problem down to somewhere in the acquire_cred1 or gss_krb5_canonicalize_name functions in the GSSAPI module.

What I really need is to understand how the minor_status parameter got set, as that may tell me specifically where my issue lies.

However, using strace on the ldapwhoami command only shows what the client is doing, and the problem is on the server side.

The slapd service has got full log levels on, but it doesn't give me enough information, as it seems the problem is in GSSAPI not slapd.

I have tried running slapd with strace, however I cannot seem to do so in such a manner that the slapd service runs as it would when invoked through the service slapd start line. Using strace seems to then cause all ldap* commands to fail to find the LDAP service.

I don't even know if a strace on slapd would capture the information I am after.

How can I capture the information in the GSSAPI module?

Regards,
Rob.

Hi,

Figured it out.

First check the service is running as normal. Then do:

This will give you the pid number, so then run:

Then open another terminal window and carry out your test in that. Once you're finished testing, hit Ctrl+C in the one where strace is running.

The problem was not GSSAPI, the problem was that the openldap user did not have permission to access a file. Looking back through the strace output to where the error message was, I could see just before the error output a file read attempt being denied, and the full path of the file.

Regards,
Rob.

1 members found this post helpful.