[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Heimdal & OpenLDAP
Hello Alberto:
I do compile OpenLDAP with --enable-local. However instead of run slapd with slapd -h "ldapi:/// ldap:///" as is said in the documentation I run it with slapd -h "ldap://[::] ldap://[0.0.0.0] ldapi://[::] ldapi://[0.0.0.0]" wich is obviously wrong.
:o(
I also noticed running slapd in debug mode that ou=KerberosPrincpals,dc=indra,dc=es must exist prior to run init command.
Now all works fine. Thank you very much.
-----Mensaje original-----
De: Alberto Patino [mailto:jalbertop@aranea.com.mx]
Enviado el: lunes, 31 de marzo de 2003 19:45
Para: Garzon Maldonado, Jesus Javier
CC: heimdal-discuss@sics.se
Asunto: Re: Heimdal & OpenLDAP
Maybe you didn't build the OpenLDAP software with the --anable-local
option so you won't be able to use Unix Domain sockets to write to the
LDAP Server.
Be certain that you turn the option from the OpenLDAP configure files.
On Mon, 2003-03-31 at 07:52, Garzon Maldonado, Jesus Javier wrote:
> Hello all:
>
> I'm working with heimdal 0.5.1 and OpenLDAP 2.0.25 on FreeBSD 4.7. I've tried to use OpenLDAP as store for Kerberos data, but though I've followed what is told at http://www.padl.com/Research/Heimdal.html, whenever I try to initialize the database following message appears:
> kadmin: kadm5_create_principal: ldap_add_s: Can't contact LDAP server.
>
> here is my krb5.conf file:
> [libdefaults]
> default_realm = ITEM.INDRA.ES
> clockskew = 300
> v4_instance_resolve = false
>
> [realms]
> ITEM.INDRA.ES = {
> kdc = itemsp.item.indra.es
> }
> [domain_realm]
> .item.indra.es = ITEM.INDRA.ES
>
> [kdc]
> database = {
> dbname = ldap:ou=KerberosPrincpals,dc=indra,dc=es
> mkey_file = /var/heimdal/m-key
> }
>
> An here is the slapd.conf access section:
> [...]
> access to dn="" by * read
> access to *
> by sockurl="^ldapi:///$" write
> by self write
> by users read
> by anonymous auth
>
> [...]
>
> Do you know what can be happening?
>
> Thank you very much.
>
> Regards.
>
> Javi Garzon.