
Re: using ldap as heimdal backend



On Tue, 2004-04-06 at 09:25, Gémes Géza wrote:
> With proper access control lists defined in ldap configuration the risk
> is minimal. The LDAP connection is realized over a UNIX domain socket,
> so Heimdal and LDAP server must run on the same host.
> Recommended reading:
> http://www.padl.com/Research/Heimdal.html
> 

This is the document I am trying to use and having problems. Any
attempts to connect result in "Can't contact LDAP server". Thought I
would check here that what I have set up is correct:

esmtp# ps -ax|grep ldap
14242  ??  Ss     3:44.68 /usr/local/libexec/slapd -h
ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0:389/
ldaps://0.0.0.0:636/ -u ldap
esmtp# ldapsearch -H 'ldapi://localhost/' -x
ldap_bind: Can't contact LDAP server (81)

Can I test connectivity this way? I get the same error when trying to
init a realm in Heimdal. A simple 'ldapsearch -x' works fine. Am I doing
this right? I have this in slapd.conf and have tried other combinations
suggested here or on the OpenLDAP list, like ':

access to *
        by sockurl="^ldapi:///$" write
        by dn="cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net" write
        by self write
        by * read

-- 
Robert
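
Added example (not part of the original message or of the PADL document): in an ldapi:// URL the host part is the percent-encoded path of the UNIX socket, so the URL passed to ldapsearch has to decode to the path slapd was started with. The function names are hypothetical; the socket path is the one in the ps output above.

```shell
#!/bin/sh
# Added example: map a slapd ldapi:// listener URL to its socket path and back.

# Percent-encode an ASCII socket path as the host part of an ldapi:// URL.
ldapi_url_for_socket() {
    path=$1 out=
    while [ -n "$path" ]; do
        rest=${path#?}; c=${path%"$rest"}; path=$rest
        case $c in
            [A-Za-z0-9._-]) out=$out$c ;;
            *) out=$out$(printf '%%%02x' "'$c") ;;
        esac
    done
    printf 'ldapi://%s/\n' "$out"
}

# Decode the host part of an ldapi:// URL back into a socket path.
# An empty result (ldapi:///) means the client library's compiled-in default.
ldapi_socket_from_url() {
    enc=${1#ldapi://}; enc=${enc%%/*}; out=
    while [ -n "$enc" ]; do
        case $enc in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${enc#"%"}; hex=${hex%"${hex#??}"}
                out=$out$(printf "\\$(printf '%03o' "0x$hex")")
                enc=${enc#???} ;;
            *)  rest=${enc#?}; out=$out${enc%"$rest"}; enc=$rest ;;
        esac
    done
    printf '%s\n' "$out"
}

# Return 0 only if the URL decodes to an absolute path that is a UNIX socket.
ldapi_check() {
    sock=$(ldapi_socket_from_url "$1")
    case $sock in
        /*) ;;
        '') echo "empty host part: client uses its compiled-in default socket"; return 1 ;;
        *)  echo "'$sock' is read as a socket path and is not absolute"; return 1 ;;
    esac
    [ -S "$sock" ] || { echo "$sock: no such socket"; return 1; }
    echo "$sock: socket present"
}

# Usage on the slapd host, with the path from the ps output:
#   url=$(ldapi_url_for_socket /var/run/openldap/ldapi)
#   ldapi_check "$url" && ldapsearch -H "$url" -x -b '' -s base
```

The encoder emits lowercase hex so its output can be compared character for character with the `-h` argument shown by ps.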