
Re: LDAP backend



On Sat, 2004-03-13 at 13:15, Robert Fitzpatrick wrote:
> I am trying to set up the LDAP backend to Heimdal 0.6 using OpenLDAP
> 2.1.23 following the PADL document.
> http://www.padl.com/Research/Heimdal.html.
> 
Please double check that you built/downloaded a heimdal version with
OpenLDAP support.

For example, use ldd to see that the kdc or kadmin have the LDAP
libraries linked to them (libldap and liblber):

ldd /yourheimdaldirectory.../libexec/kdc

/usr/local/heimdal-20040203/libexec/kdc
        libhdb.so.7 => /usr/local/heimdal-20040203/lib/libhdb.so.7 (0x40017000)
        libkrb5.so.17 => /usr/local/heimdal-20040203/lib/libkrb5.so.17 (0x40028000)
        libldap.so.201 => /usr/local/openldap-2.2.5/lib/libldap.so.201 (0x4006f000)
        libsasl2.so.2 => /usr/local/cyrus-sasl-2.1.17/lib/libsasl2.so.2 (0x400a6000)
        libdl.so.2 => /lib/libdl.so.2 (0x400ce000)
        libssl.so.0.9.7 => /usr/local/openssl-0.9.7c/lib/libssl.so.0.9.7 (0x400d1000)
        liblber.so.201 => /usr/local/openldap-2.2.5/lib/liblber.so.201 (0x400ff000)
        libasn1.so.5 => /usr/local/heimdal-20040203/lib/libasn1.so.5 (0x4010c000)
        libroken.so.16 => /usr/local/heimdal-20040203/lib/libroken.so.16 (0x4013e000)
        libcrypto.so.0.9.7 => /usr/local/openssl-0.9.7c/lib/libcrypto.so.0.9.7 (0x40152000)
        libcom_err.so.1 => /usr/local/heimdal-20040203/lib/libcom_err.so.1 (0x40241000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40245000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x40252000)
        libdb-4.2.so => /usr/local/db-4.2.52.NC/lib/libdb-4.2.so (0x4027f000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40335000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40348000)

> I made the settings to LDAP slapd.conf and my realm in Heimdal was
> already created. I added the [kdc] section to /etc/krb5.conf, went into
> kadmin and did 'list *' and it said could not find file for database
> 'ldap:ou=Users,dc=webtent,dc=net'. Maybe wrong, but I thought, let me
> re-init my realm. So, I did 'init WEBTENT' and then added a user and now
> 'list *' shows the principals, but nothing in LDAP.
> 
This is because Heimdal is considering 'ldap:ou=Users,dc=webtent,dc=net'
as a file name. If you try to find a match of this file name you will
get it.

> Am I doing this right?
> 
> esmtp# cat /etc/krb5.conf
> [libdefaults]
>         default_realm = WEBTENT.NET
>         clockskew = 300
>         v4_instance_resolve = false
>         v4_name_convert = {
>                 host = {
>                         rcmd = host
>                         ftp = ftp
>                 }
>                 plain = {
>                         something = something-else
>                 }
>         }
> [kdc]
>         database = {
>                 dbname = ldap:ou=Users,dc=webtent,dc=net
>                 mkey_file = /var/heimdal/m-key
>         }
>
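
The ldd check suggested in the reply above, written as a script. This is an added example and not part of the original message; the function name check_ldap_linkage and the three sample inputs are constructed for illustration. Besides "linked" and "not linked", it also reports the case where the binary was linked against libldap or liblber but the runtime loader cannot find the library.

```shell
#!/bin/sh
# Added example, not from the original message.
# Reads `ldd` output on stdin and reports how libldap and liblber resolve.
# Returns 0 only when both are linked and resolve to a path on disk.
check_ldap_linkage() {
    awk '
        $2 == "=>" && $1 ~ /^libldap(_r)?[-.]/ { ldap = ($3 == "not") ? "NOT FOUND" : $3 }
        $2 == "=>" && $1 ~ /^liblber[-.]/      { lber = ($3 == "not") ? "NOT FOUND" : $3 }
        END {
            print "libldap: " (ldap == "" ? "not linked" : ldap)
            print "liblber: " (lber == "" ? "not linked" : lber)
            exit ((ldap ~ /^\// && lber ~ /^\//) ? 0 : 1)
        }'
}

# Constructed sample: a kdc built with OpenLDAP (lines modelled on the output above).
sample_ldap_build() {
    cat <<'EOF'
        libhdb.so.7 => /usr/local/heimdal-20040203/lib/libhdb.so.7 (0x40017000)
        libldap.so.201 => /usr/local/openldap-2.2.5/lib/libldap.so.201 (0x4006f000)
        liblber.so.201 => /usr/local/openldap-2.2.5/lib/liblber.so.201 (0x400ff000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
EOF
}

# Constructed sample: a kdc built without OpenLDAP (no libldap/liblber entries).
sample_plain_build() {
    cat <<'EOF'
        libhdb.so.7 => /usr/local/heimdal-20040203/lib/libhdb.so.7 (0x40017000)
        libdb-4.2.so => /usr/local/db-4.2.52.NC/lib/libdb-4.2.so (0x4027f000)
        libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
EOF
}

# Constructed sample: linked against libldap, but the loader cannot locate it.
sample_broken_build() {
    cat <<'EOF'
        libldap.so.201 => not found
        liblber.so.201 => /usr/local/openldap-2.2.5/lib/liblber.so.201 (0x400ff000)
EOF
}

if [ $# -ge 1 ]; then
    # Real use: pass the path to the kdc or kadmin binary.
    ldd "$1" | check_ldap_linkage || echo "$1: no usable OpenLDAP linkage"
else
    # No argument: run against the constructed samples.
    sample_ldap_build   | check_ldap_linkage || echo "ldap sample: no usable OpenLDAP linkage"
    sample_plain_build  | check_ldap_linkage || echo "plain sample: no usable OpenLDAP linkage"
    sample_broken_build | check_ldap_linkage || echo "broken sample: no usable OpenLDAP linkage"
fi
```

Run it with the path to the installed kdc or kadmin binary as the only argument; with no argument it only exercises the constructed samples.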