inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0

Bind LDAP with GSSAPI using Kerberos keytab #128

Closed mlesin closed 4 months ago

mlesin commented 4 months ago

Can't find a way to perform a bind to LDAP using a keytab file instead of the active user's principal. For example, using HOSTNAME$@EXAMPLE.COM in an Active Directory environment instead of username@EXAMPLE.COM. Is there any way of doing this, or is this a limitation of the cross-krb5 crate?

I can do this if I perform this before running my program:

kinit -k -t /etc/krb5.keytab HOSTNAME\$@EXAMPLE.COM

but this breaks the Kerberos cache file for the current user, and I'm not sure this is the most correct way of doing this.

inejge commented 4 months ago

You can pass -c cachename to kinit, and/or use $KRB5CCNAME for the default cache. GSSAPI support in the crate is deliberately designed to depend on the environment, and not accept any options.

inejge commented 4 months ago

Closing as a combination of WONTFIX and a usage question, with workaround provided.
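
The workaround from the thread (a separate credential cache selected with kinit -c and $KRB5CCNAME), written out as an added example that is not part of the original discussion or of the ldap3 project. The function name run_with_keytab and the program name in the usage comment are assumptions; the keytab path and principal are the ones from the question.

```shell
#!/bin/sh
# Added example: run one command with a private Kerberos credential cache
# filled from a keytab, leaving the caller's default cache untouched.
# run_with_keytab is a name made up for this example.

run_with_keytab() {
    keytab=$1
    principal=$2
    shift 2

    # mktemp -d creates the directory with mode 0700, so other local
    # users cannot read the ticket stored inside it.
    ccdir=$(mktemp -d "${TMPDIR:-/tmp}/krb5cc.XXXXXX") || return 1
    cc="FILE:$ccdir/cache"

    # -k/-t authenticate from the keytab; -c writes the ticket to the
    # private cache instead of the user's default one.
    if ! kinit -k -t "$keytab" -c "$cc" "$principal"; then
        rm -rf "$ccdir"
        return 1
    fi

    # KRB5CCNAME is set only in the child's environment, so a GSSAPI
    # bind performed by that process picks up the keytab-derived ticket.
    rc=0
    env KRB5CCNAME="$cc" "$@" || rc=$?

    # Drop the ticket and the directory whether or not the command succeeded.
    kdestroy -c "$cc" >/dev/null 2>&1 || true
    rm -rf "$ccdir"
    return "$rc"
}

# Usage (my-ldap-program is a placeholder for the program doing the bind):
#   run_with_keytab /etc/krb5.keytab 'HOSTNAME$@EXAMPLE.COM' ./my-ldap-program
```

The principal is single-quoted so the shell does not expand the `$` in the machine account name.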