[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ldap backend search mode

"Prágai, Róbert" <pragai@rubin.hu> writes:

> Hi,
> 	I've managed to install the heimdal-with-openldap-backend scenario as
> in "http://www.openinput.com/auth-howto/index.html" and succeeded to
> init the Kerberos realm. However when I try to "see" all  objects in the
> ldap backend (i.e. setting the dbname = ldap:dc=example,dc=com in
> /etc/krb5.conf) the
> kadmin> list *
> returned an empty set of kerberos objects.
> There is a line in the slapd log:
> conn=0 op=1 SRCH base="dc=example,dc=com" scope=1
> filter="(objectClass=krb5KDCEntry)"
> 	because of which I suspect that the ldap search is not a "sub" one. Is
> this intentional? What is the reason of this?

In the current code all searchare are subtree. In the original patch they
where BASE searches because of how the contributors ldap setup looked like.

Just go into lib/hdb/hdb-ldap.c and replace all LDAP_SCOPE_BASE with


PGP signature