[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ldap backend search mode

To: Prágai, Róbert <pragai@rubin.hu>
Subject: Re: ldap backend search mode
From: Love Hörnquist Ĺstrand <lha@kth.se>
Date: Wed, 11 May 2005 21:27:25 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <42820FE1.6020706@rubin.hu> (Róbert Prágai's message of "Wed, 11 May 2005 16:00:01 +0200")
References: <42820FE1.6020706@rubin.hu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)


"Prágai, Róbert" <pragai@rubin.hu> writes:

> Hi,
>
> 	I've managed to install the heimdal-with-openldap-backend scenario as
> in "http://www.openinput.com/auth-howto/index.html" and succeeded to
> init the Kerberos realm. However when I try to "see" all  objects in the
> ldap backend (i.e. setting the dbname = ldap:dc=example,dc=com in
> /etc/krb5.conf) the
>
> kadmin> list *
>
> returned an empty set of kerberos objects.
>
> There is a line in the slapd log:
> conn=0 op=1 SRCH base="dc=example,dc=com" scope=1
> filter="(objectClass=krb5KDCEntry)"
>
> 	because of which I suspect that the ldap search is not a "sub" one. Is
> this intentional? What is the reason of this?

In the current code all searchare are subtree. In the original patch they
where BASE searches because of how the contributors ldap setup looked like.

Just go into lib/hdb/hdb-ldap.c and replace all LDAP_SCOPE_BASE with
LDAP_SCOPE_SUBTREE.

Love

PGP signature

References:
- ldap backend search mode
  - From: "Prágai, Róbert" <pragai@rubin.hu>

Prev by Date: Re: re-requests of expired keys.
Next by Date: Re: re-requests of expired keys.
Prev by thread: ldap backend search mode
Next by thread: Problems with Service Principle Unknown and Windows AD.
Index(es):
- Date
- Thread