[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal/OpenLDAP/Samba howto and bugreport



On Sat, 2004-06-05 at 04:54, GĂ©mes GĂ©za wrote:
> Tarjei Huse Ă­rta:

> >setting ldap:o=skool as the searchdn will find both students and
> >teachers.
> >
> >Tarjei
> >  
> >
> Is the same true for
> 
> hdb-ldap-create-base
> 
> too?
> Thanks
> Geza

Heimdal is not a user administration tool.  It is a kerberos server, and
the reason you are using OpenLDAP, is to allow other (more suitable)
tools to be your user administration tools.  

So, the answer is to simply create your users with some other tool, and
have heimdal set kerberos keys on the existing entry.  The
hdb-ldap-create-base should perhaps never be used - but for things like
a 'init MY.REALM' in kadmin -l, it's useful to put these somewhere other
than the root.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

This is a digitally signed message part