[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

hdb-ldap-structural-object = inetOrgPerson

To: heimdal-discuss@sics.se, ldap-interop@fini.net
Subject: hdb-ldap-structural-object = inetOrgPerson
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 20 Dec 2005 23:03:09 +0100
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920

HI!

Sorry for cross-posting but I think both mailing lists are suitable for
this posting.

I'm playing with heimdal 0.7.1 and hdb-ldap. I'm wondering whether this
should work for using 'inetOrgPerson' as STRUCTURAL object class when
adding new users:

[kdc]
    database = {
        dbname = ldap:ou=Benutzer,ou=bv,dc=example,dc=com
        hdb-ldap-structural-object = inetOrgPerson
        mkey_file = /var/heimdal/m-key
    }

It does not work for me. 'kadmin add' always uses STRUCTURAL object
class 'account'. Do I have to add something for "Attributes: []" to make
this work?

# /opt/heimdal/sbin/kadmin -l add susi
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
susi@CORAG.DE's Password:
Verifying - susi@CORAG.DE's Password:

This results in LDAP entry with 'account':

dn: krb5PrincipalName=susi@EXAMPLE.COM,ou=Benutzer,ou=bv,dc=example,dc=com
krb5KDCFlags: 126
krb5Key:: ME+gAwIB...
krb5KeyVersionNumber: 0
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5PrincipalName: susi@EXAMPLE.COM
objectClass: top
objectClass: account
objectClass: krb5Principal
objectClass: krb5KDCEntry
uid: susi

Ciao, Michael.

Prev by Date: YOUR EMAIL ADDRESS WAS SELECTED AS A WINNER
Next by Date: Re: Using John the Ripper with Heimdal
Prev by thread: YOUR EMAIL ADDRESS WAS SELECTED AS A WINNER
Next by thread: Type 24 (arcfour-hmac-md5-exp) support
Index(es):
- Date
- Thread