Hello,
I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying to set up a GSSAPI Kerberos authentication with the LDAP server but with little success. Seems no matter what I try I end up with the following error message:
dovecot: auth: Error: LDAP: binding failed (dn (imap/host.example.com@EXAMPLE.COM)): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: FILE:/tmp/dovecot.krb5.ccache))
I have set the import_environment in dovecot.conf:
import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS KRB5CCNAME=FILE:/tmp/dovecot.krb5.ccache
And these in LDAP configuration:
dn = imap/host.example.com@EXAMPLE.COM sasl_bind = yes sasl_mech = gssapi sasl_realm = EXAMPLE.COM sasl_authz_id = imap/host.example.com@EXAMPLE.COM
I have tried with different values in dn and sasl_authz_id and also leaving them out completely but I always end up with the error message above. Using simple bind without GSSAPI works just fine.
The credentials cache file exists and is valid for the principal imap/host.example.com@EXAMPLE.COM. The file is owned by dovecot user so it shouldn't be a permission problem either.
GSSAPI in OpenLDAP works but I suppose it is irrelevant here since the connection attempt never reaches the LDAP server due to the error. I also have similar setup for Postfix and it works fine.
Any ideas what to try next?
Best regards, Juha