OD/possibly Kerberos when trying to implement a shared address book

[djidji]

I’ve been trying to create a shared address book for all my OD users(Tiger server on an Xserve G4), using both the shareware solution ABXLDAP from j2anywhere.com and by manualy inserting an .ldif file via the command line (ldapadd -f filename.ldif). However, I constanly bump into this error:
[code]
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
[/code]
The KDC log says:
[code]my.correct.fqdn krb5kdc[297](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) xxx.xxx.xxx.xxx: UNKNOWN_SERVER: authtime 1174232886, [email protected]. for krbtgt/[email protected]., Server not found in Kerberos database
[/code]
This situation repeats no matter if I try from the server itself (ssh) or from my local machine. The only change is the IP address. DNS should be ok.. both forward and reverse, althogh ‘dig IP’ fails. ‘dig -x IP’ works which keeps me happy. I can successfully search [b]users[/b] via the client’s AddressBook.app, but I can not modify the schema on the server, no matter how I try.
Any help will be greatly appreciated.

[djidji]

I know it is probably a bit of a harsh thing to do, but it is the only way known to me to create some kind of info structure apart from Workgroup manager. Bottom line, I need to create a share contact list 🙂
Anyway, even searching from the command line doen’t work (ldapsearch command)

[djidji]

solved by a very helpful post at discussionsl.apple.com. Turns out I should use CRAM-MD5 for passwords and not SASL:
[code]ldapsearch -U username -W -Y CRAM-MD5[/code]

[Author]

Posts