We are using GSSAPIBindRequest to authenticate users against an MS-AD server behind a DMZ perimeter.
The connection to the MS-AD LDAP port is via an external DNS name which is not used in the MS-AD server network as the local LDAP service name.
GSSAPIBindRequest uses this external connection address as the serverName to create SaslClient. This results in the error: KrbException: Server not found in Kerberos database (7)
The workaround is to create the internal MS-AD server name as a hosts file entry, and use this as the LDAP host address.
Could you please consider changing GSSAPIBindRequest to allow configuration of an alternative SaslClient serverName?
Best Regards,
Chris
Last edit: Chris Warren-Smith 2013-08-20
I've just committed an update to add a new GSSAPIBindRequestProperties.setSASLClientServerName method that you can use to accomplish this. The LDAP SDK will still default to using the address specified when establishing the connection, but you can now use this new method to override that name if necessary.
Neil
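The following is an added example, not code from this thread or from the LDAP SDK project itself, showing how the override Neil describes would be used from a client in the DMZ scenario Chris reports. The GSSAPI SASL mechanism in Java builds the Kerberos service principal as protocol/serverName (here ldap/serverName), so the value passed to setSASLClientServerName must be the host name under which the ldap/ SPN is actually registered for the domain controller; it is not a name the client is free to choose. The host names, realm, KDC address and credentials below are constructed placeholders, and the code assumes an SDK version that includes the setSASLClientServerName method.

```java
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.GSSAPIBindRequest;
import com.unboundid.ldap.sdk.GSSAPIBindRequestProperties;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SASLQualityOfProtection;

public class DmzGssapiBindExample {

    // Constructed placeholder values; replace with your own environment's names.
    private static final String EXTERNAL_LDAP_HOST = "ldap-ext.example.net";   // name reachable from the DMZ
    private static final String INTERNAL_DC_FQDN   = "dc01.corp.example.com";  // name carrying the ldap/ SPN
    private static final String KERBEROS_REALM     = "CORP.EXAMPLE.COM";
    private static final String KDC_ADDRESS        = "kdc.corp.example.com";   // reachable KDC for that realm

    /**
     * Connects to the externally visible address but authenticates with
     * GSSAPI using the domain controller's real service principal name.
     * Returns true on a successful bind.
     */
    public static boolean bindThroughDmz(String userPrincipal, String password)
            throws LDAPException {

        GSSAPIBindRequestProperties props =
                new GSSAPIBindRequestProperties(userPrincipal, password);
        props.setRealm(KERBEROS_REALM);
        props.setKDCAddress(KDC_ADDRESS);

        // Without this line the SDK would request a ticket for
        // ldap/ldap-ext.example.net, which the KDC does not know
        // (KrbException code 7, server not found in Kerberos database).
        props.setSASLClientServerName(INTERNAL_DC_FQDN);

        // Require integrity and confidentiality on the SASL layer so the
        // directory traffic crossing the DMZ is protected, not just the bind.
        props.setAllowedQoP(SASLQualityOfProtection.AUTH_CONF);

        LDAPConnection connection = new LDAPConnection(EXTERNAL_LDAP_HOST, 389);
        try {
            GSSAPIBindRequest bindRequest = new GSSAPIBindRequest(props);
            BindResult result = connection.bind(bindRequest);
            return result.getResultCode() == ResultCode.SUCCESS;
        } finally {
            connection.close();
        }
    }

    public static void main(String[] args) throws LDAPException {
        // Constructed sample credentials for illustration only.
        boolean ok = bindThroughDmz("svc-app@CORP.EXAMPLE.COM", "placeholder-password");
        System.out.println(ok ? "GSSAPI bind succeeded" : "GSSAPI bind failed");
    }
}
```

Because the ticket is still issued for the domain controller's own principal, this override removes the need for the hosts-file workaround without weakening the mutual authentication Kerberos provides: a host that merely answers on the external name but cannot decrypt a ticket for ldap/dc01.corp.example.com will still fail the bind.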
Hi Neil,
Thanks, we appreciate your quick response.
Best Regards,
Chris