Thanks for looking into this. Unfortunately I don't have much to add to my earlier response in this thread. Here are the only kerberos-related types of lines that I have in slapd.conf:
As I mentioned before, I do have an /etc/krb5.keytab. ldapwhoami -Y GSSAPI works fine. I don't know precisely how slapd ends up using kcm. slapd is linked with libheimbase.so.1, so presumably it ends up calling some heimdal library function that ends up accessing that socket.
Hi Ryan,
Thanks for looking into this. Unfortunately I don't have much to add to my earlier response in this thread. Here are the only kerberos-related types of lines that I have in slapd.conf:
authz-regexp ([^,]*) ,cn=([^ ,]*),cn= gssapi, cn=auth ///dc=example, dc=com? ?sub?(exampleKr b5PrincipalName =$1@$2)
uid=
ldap:
sasl-realm EXAMPLE.COM
sasl-secprops minssf=0
As I mentioned before, I do have an /etc/krb5.keytab. ldapwhoami -Y GSSAPI works fine. I don't know precisely how slapd ends up using kcm. slapd is linked with libheimbase.so.1, so presumably it ends up calling some heimdal library function that ends up accessing that socket.