Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 02-28-2015, 03:38 PM   #1
Registered: Jan 2010
Posts: 60

Rep: Reputation: 17
How do you strace the GSSAPI module when run through LDAP?


I'm having problems with GSSAPI and LDAP. From the information available I have narrowed the problem down to somewhere in the acquire_cred1 or gss_krb5_canonicalize_name functions in the GSSAPI module.

What I really need is to understand how the minor_status parameter got set, as that may tell me specifically where my issue lies.

However, using strace on the ldapwhoami command only shows what the client is doing, and the problem is on the server side.

The slapd service has got full log levels on, but it doesn't give me enough information, as it seems the problem is in GSSAPI not slapd.

I have tried running slapd with strace, however I cannot seem to do so in such a manner that the slapd service runs as it would when invoked through the service slapd start line. Using strace seems to then cause all ldap* commands to fail to find the LDAP service.

I don't even know if a strace on slapd would capture the information I am after.

How can I capture the information in the GSSAPI module?

Old 03-02-2015, 08:34 AM   #2
Registered: Jan 2010
Posts: 60

Original Poster
Rep: Reputation: 17

Figured it out.

First check the service is running as normal. Then do:

sudo pidof slapd
This will give you the pid number, so then run:

sudo strace -o /tmp/dumpslapd.log -f -s 1024 -p <insert pid>
Then open another terminal window and carry out your test in that. Once you're finished testing, hit Ctrl+C in the one where strace is running.

The problem was not GSSAPI, the problem was that the openldap user did not have permission to access a file. Looking back through the strace output to where the error message was, I could see just before the error output a file read attempt being denied, and the full path of the file.


Last edited by peridian; 03-02-2015 at 08:35 AM. Reason: Missing sudo
1 members found this post helpful.


openldap, sasl2

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Permission denied (publickey, gssapi-keyex,gssapi-with-mic,password) Huaqing Wang Linux - Newbie 1 06-27-2012 07:51 PM
Nss-ldap sasl/gssapi? wilslm Linux - General 3 05-07-2011 04:37 AM
LDAP bind trouble via Kerb/SASL/GSSAPI- principal name mangled riemann_noodles Linux - Server 0 07-09-2008 01:08 PM
LDAP config problem with GSSAPI: No such file or directory charlweed Linux - Server 1 01-17-2008 12:44 PM
ldap SASL GSSAPI , unknown authorization mechanism mesh2005 Linux - Networking 0 11-20-2005 08:16 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:52 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration