Re: heimdal-0.6.5 / hdb-ldap / kadmin remote
- To: Marco Hoehle <MHO@zurich.ibm.com>
- Subject: Re: heimdal-0.6.5 / hdb-ldap / kadmin remote
- From: Love Hörnquist Åstrand <lha@kth.se>
- Date: Fri, 03 Feb 2006 12:17:21 +0100
- Cc: heimdal-discuss@sics.se
- In-Reply-To: <OF17FD94CE.8873304F-ON412570C4.00517005-412570C4.0056FEB4@ch.ibm.com> (MarcoHoehle's message of "Fri, 25 Nov 2005 16:50:13 +0100")
- References: <OF17FD94CE.8873304F-ON412570C4.00517005-412570C4.0056FEB4@ch.ibm.com>
- Sender: owner-heimdal-discuss@sics.se
- User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/22.0.50 (darwin)
Marco Hoehle <MHO@zurich.ibm.com> writes:
> Hi,
>
> we have strange behaviours with remote accessing kadmin when using hdb-ldap
> backend and I have no more idea what to do.
>
>
> Problem description:
>
> heimdal-0.6.5 on SLES9 ppc64
> kadmin does not allow remote kadmin in conjunction with hdb-ldap backend.
>
> the kadmind.acl seems to be correct, because if we switch to heimdal.db
> file, the remote kadmin is working fine.
> The ldap backend seems to work correctly, because with kadmin -l we can see
> all the principals and kinit / afslog / gssapi / etc is also working as
> expected.
>
> About the SASL regexp they seem to be correct, in the log I have the
> correct user accessing via ldapi.
>
> What I am wondering about is
>
> 1) sure: why does kadmin remote not work (am I missing something, patch ?
> wrong config ? ), am I alone with this problem ?

Not sure, did you ever find out the answer? If not, care to set a breakpoint
in _kadm5_acl_check_permission() and try to figure out what goes wrong?

> 2) why is in hdb-ldap.c LDAP_SEARCH_ONELEVEL implemented and not
> LDAP_SEARCH_SCOPE (for testing I used an unmodified version of hdb-ldap.c,
> but the patch is already there :) )

I've changed this to LDAP_SEARCH_SCOPE in 0.7.

Love