Re: MIT -> Heimdal/LDAP/Samba
- To: Love Hörnquist Åstrand <lha@kth.se>
- Subject: Re: MIT -> Heimdal/LDAP/Samba
- From: "James F. Hranicky" <jfh@cise.ufl.edu>
- Date: Thu, 5 May 2005 15:54:36 -0400
- Cc: heimdal-discuss@sics.se
- In-Reply-To: <am7jj8oul9.fsf@nutcracker.it.su.se>
- Organization: University of Florida CISE Department
- References: <20050331140448.0cf6a91a.jfh@cise.ufl.edu><am7jj8oul9.fsf@nutcracker.it.su.se>
- Sender: owner-heimdal-discuss@sics.se
On Tue, 12 Apr 2005 17:58:26 +0200
Love Hörnquist Åstrand <lha@kth.se> wrote:
>
> "James F. Hranicky" <jfh@cise.ufl.edu> writes:
>
> > hprop --source=mit-dump -d /tmp/kdc.db -n | hpropd -n
> >
> > but it appears to have created a database in /var/heimdal, despite
> > the fact I specify an ldap db in /etc/krb5.conf.
> >
> > Thanks for any info.
>
> Hpropd will use the default database if --database=... is not used. It
> looks to me that it will almost work, it will fail with "db_rename:
> database in use" after the operation is done. I'm not sure how I want to
> solve that problem.
With this code change:
--------------------------------------
--- heimdal-20050220/kdc/hpropd.c Thu May 5 14:51:26 2005
+++ heimdal-20050220.mod/kdc/hpropd.c Thu May 5 15:44:48 2005
@@ -341,7 +341,13 @@
}
if(!print_dump) {
- asprintf(&tmp_db, "%s~", database);
+ int ret;
+ if ((ret = strncmp(database, "ldap:", strlen("ldap:")))) {
+ asprintf(&tmp_db, "%s~", database);
+ } else {
+ asprintf(&tmp_db, "%s", database);
+ }
+
#ifdef KRB4
if (v4dump) {
fd_out = open(tmp_db, O_WRONLY | O_CREAT | O_TRUNC, 0600);
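Review bot: In the new `else` branch `tmp_db` is just a copy of `database`, so for an `ldap:` backend the import writes straight into the live database instead of a temporary one, and the `#ifdef KRB4` path in the trailing context would still call `open(tmp_db, O_WRONLY | O_CREAT | O_TRUNC, 0600)` on the `ldap:...` string as if it were a local file name. Suggest rejecting or special-casing `v4dump` when the database is `ldap:`, and skipping the final rename step (the `db_rename` mentioned in the quoted reply) when `tmp_db` and `database` are the same. Smaller points: `ret` is used only inside the condition and can be dropped in favour of `strncmp(database, "ldap:", 5) == 0` with the branches swapped so the test reads positively; `asprintf(&tmp_db, "%s", database)` is equivalent to a `strdup`; and neither `asprintf` return value is checked, which leaves `tmp_db` undefined if the allocation fails.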
--------------------------------------

I did this:

    hprop --source=mit-dump -d /tmp/kdc.db -n | hpropd -n -d ldap:dc=cise,dc=ufl,dc=edu

Probably a bit of a kludge, but otherwise it was trying to add principals
to "dc=cise,dc=ufl,dc=edu~", which wasn't working, as that LDAP suffix doesn't
exist.

This actually populated my LDAP database, but left out the keys (what I really
want, of course). I tried using the -D flag with the MIT master key, but I
ended up where this person did:

http://www.stacken.kth.se/lists/heimdal-discuss/2004-11/msg00008.html

Any suggestions, or am I out of luck?

Jim