Samba4 server and OpenLDAP client

Trever L. Adams trever.adams at gmail.com
Wed Jan 5 16:10:42 MST 2011


A while back, I filed a bogus bug report (Bug in S4 commit
58206fb9b8d1a66af5a1c08379ed5f6e3413c2f0). It appears that indeed it is,
as suggested, changes in LDAP and that there are no Kerberos bugs.
However, I cannot say for sure as I am having a bit of trouble.

(I am using postfix and dovecot with Kerberos auth and LDAP account
verification, settings.) The problem I am still having is that it seems
that OpenLDAP clients (used by dovecot and postfix via libraries, which
I cannot change), don't want to use a service principal to log into the
LDAP. I can kinit as admin and all works, but not if I use service
principals. The service principal should be ldap/host@REALM, right? If
OpenLDAP just doesn't want to work using service principals on the
client side, is there a way to export a non-expiring normal (plain user)
KT? Finally, does OpenLDAP require knowledge of the CA for SSL to work?

I am sorry that half of these questions are OpenLDAP related and not
directly Samba. I know there are several people who have skills in both
on this list and the answers to some questions may affect the correct
answer (changing even the real question) to the others.

Thank you very much,
Trever
-- 
"Be not defeated twice, once by circumstances and once by oneself." --
Lowell L. Bennion

