
Re: using ldap as heimdal backend




Robert Fitzpatrick wrote:
| On Tue, 2004-04-06 at 09:25, Gémes Géza wrote:
|
|>With proper access control lists defined in ldap configuration the risk
|>is minimal. The LDAP connection is realized over a UNIX domain socket,
|>so Heimdal and LDAP server must run on the same host.
|>Recommended reading:
|>http://www.padl.com/Research/Heimdal.html
|>
|
|
| This is the document I am trying to use and having problems. Any
| attempts to connect result in "Can't contact LDAP server". Thought I
| would check here that what I have set up is correct:
|
| esmtp# ps -ax|grep ldap
| 14242  ??  Ss     3:44.68 /usr/local/libexec/slapd -h
| ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0:389/
| ldaps://0.0.0.0:636/ -u ldap
| esmtp# ldapsearch -H 'ldapi://localhost/' -x

For the ldapi connection method you should do your tests with something like:
ldapsearch -H  ldapi://%2fvar%2frun%2fldap%2fldapi -x

| ldap_bind: Can't contact LDAP server (81)
|
| Can I test connectivity this way? I get the same error when trying to
| init a realm in Heimdal. A simple 'ldapsearch -x' works fine. Am I doing
| this right? I have this in slapd.conf and have tried other combinations
| suggested here or on the OpenLDAP list, like ':
|
| access to *
|         by sockurl="^ldapi:///$" write
|         by dn="cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net" write
|         by self write
|         by * read
|

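Added example, not part of the original message: shell helpers that pull the ldapi listener out of the slapd command line quoted above and check whether a client URL names the same socket path. The function names are hypothetical, the sample command line is re-typed from the ps output in the thread, and only %2f escapes are decoded.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Constructed sample: the slapd command line from the ps output quoted above.
SLAPD_CMD='/usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0:389/ ldaps://0.0.0.0:636/ -u ldap'

# Print the first ldapi:// listener found in a slapd command line.
ldapi_listener() {
    for word in $1; do
        case $word in
            ldapi://*) printf '%s\n' "$word"; return 0 ;;
        esac
    done
    return 1
}

# Decode the socket path carried in the host part of an ldapi URL.
# An empty host part ("ldapi:///") means the compiled-in default: return 1.
ldapi_socket_path() {
    hostpart=${1#ldapi://}
    hostpart=${hostpart%%/*}
    [ -n "$hostpart" ] || return 1
    printf '%s\n' "$hostpart" | sed 's|%2[fF]|/|g'
}

# Build the client URL for a socket path by percent-encoding every "/".
ldapi_url() {
    printf 'ldapi://%s/\n' "$(printf '%s\n' "$1" | sed 's|/|%2f|g')"
}

# Succeed only when both URLs decode to the same socket path.
same_socket() {
    a=$(ldapi_socket_path "$1") || return 1
    b=$(ldapi_socket_path "$2") || return 1
    [ "$a" = "$b" ]
}

# Compare the URL from the failing test with one derived from the listener.
listener=$(ldapi_listener "$SLAPD_CMD")
derived=$(ldapi_url "$(ldapi_socket_path "$listener")")
for url in 'ldapi://localhost/' "$derived"; do
    if same_socket "$url" "$listener"; then verdict=match; else verdict=MISMATCH; fi
    printf '%-45s %s\n' "$url" "$verdict"
done
```

The derived URL is the one to pass to ldapsearch -H; the socket path in it has to be the path slapd was actually started with.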