Re: Heimdal-Openldap how to store principals?
Jose,
Thanks for your help.
I rebuilt Heimdal using additional --with-openssl=path/to/openssl
directives, hoping that was my main problem. I don't think so.
I tried 'init RPI.EDU', and these files are deposited in the pwd. These
are indeed the kerberos database files. If I delete them, all kerberos
accounts are lost. The files and accounts are recreated upon an 'init
RPI.EDU' command.
ldap:ou=kerberos,dc=rpi,dc=edu.dir
ldap:ou=kerberos,dc=rpi,dc=edu.log
ldap:ou=kerberos,dc=rpi,dc=edu.lock
ldap:ou=kerberos,dc=rpi,dc=edu.pag
So, it appears I don't have the Unix Socket working correctly. Is this
connected to ssl or cyrus-sasl, or is it independent of either? I will
have to do some reading on sockets.
The system log reports this from kerberos:
Aug 27 10:38:44 ldap3 kernel: application bug: kadmind(30385) has
SIGCHLD set to SIG_IGN but calls wait().
Aug 27 10:38:44 ldap3 kernel: (see the NOTES section of 'man 2 wait').
Workaround activated.
On Fri, 2004-08-27 at 10:40, Jose Gonzalez Gomez wrote:
>
> Andrew,
>
> Andrew Bacchi wrote:
>
> >Jose,
> >
> >I have been following your HowTo all along, thanks for the great info.
> >I am stuck at section 6.2.2, init EXAMPLE.COM. You say, "This should
> >have created several entries in our LDAP directory under the system
> >branch.", I don't see them under any branch. Does Kerberos create these
> >accounts as would an LDIF?
> >
> >
> Yes, the init command creates those entries. If the entries don't
> get created you must have something wrong in your environment. (There's
> a typo there, it should say kerberos branch instead of system branch).
>
> >I have Heimdal configured with:
> >configure --prefix=%{heimdalprefix}
> > --with-openldap=/var/ldap/etc/openldap/ --disable-berkeley-db
> >
> >
> >Is this OK?
> >
> >
> Unfortunately I use Gentoo, so I don't know what compile options are
> being used. I guess they are right... anyway, input on this issue is
> welcome to be included in the howto. If I have time I will investigate
> this to include this information in the howto.
>
> >Also, I can see the server listening on the Unix Socket. But are there
> >possible permission problems?
> >unix 2 [ ACC ] STREAM LISTENING 469921
> >/var/ldap/var/run/ldapi
> >
> >
> >
> Maybe... take a look at the OpenLDAP logs. Heimdal uses the unix
> socket to connect, so you should see logs of the connection being made.
> Could you post the content of your logs?
>
> Best regards
> Jose
>
--
Facade: Provide a unified interface to a set of interfaces in a
subsystem.
Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415 fax: 518 276-2809
http://www.rpi.edu/~bacchi/