
Re: ldap backend syntax



On Thu, Mar 16, 2006 at 10:59:00AM -0300, Andreas Hasenack wrote:
> version 0.7.2 on linux
> 
> I'm using this in krb5.conf, according to the documentation at heimdal's
> site:
> [kdc]
>         database = {
>                 dbname = ldap:ou=People,dc=mycnc,dc=com
>         }
>         #hdb-ldap-structural-object = person
>         hdb-ldap-create-base = ou=people,dc=mycnc,dc=com
> 
> The weird thing is that there is a *file* called
> "ldap:ou=People,dc=mycnc,dc=com" in /var/heimdal and, it seems, wherever
> I happen to run "kadmin -l" from (when running init). Is this syntax
> correct?
> 
> Furthermore, while strace()ing kadmind for another problem, I noticed it
> tries to open this "ldap:ou=People,dc=mycnc,dc=com" in the current
> directory.
> 
> I have a feeling this syntax is incorrect... Or is it not? Is this
> expected?

This seems so wrong... Excerpt from strace of kadmind:
10428 time(NULL)                        = 1142519719
10428 open("ldap:ou=People,dc=mycnc,dc=com.mkey", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
10428 socket(PF_FILE, SOCK_DGRAM, 0)    = 4
10428 open("ldap:ou=People,dc=mycnc,dc=com.acl", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
10428 read(0, "\0\0\0\\", 4)            = 4

The other problem I was having was kadmind ignoring my acls (that's why I was stracing it).
Turns out that if I rename kadmind.acl to ldap:ou=People,dc=mycnc,dc=com.acl it works.
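
A check for the behaviour reported in this message, as an added example that is not part of the original post or of Heimdal: it scans strace output for open() calls on .acl and .mkey files given as relative paths, which are resolved against the daemon's working directory. The function name and the suffix list are assumptions made for illustration; the trace is the excerpt quoted above.

```python
import re

# Strace excerpt copied from the message above (not new data).
TRACE = r'''10428 time(NULL)                        = 1142519719
10428 open("ldap:ou=People,dc=mycnc,dc=com.mkey", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
10428 socket(PF_FILE, SOCK_DGRAM, 0)    = 4
10428 open("ldap:ou=People,dc=mycnc,dc=com.acl", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
10428 read(0, "\0\0\0\\", 4)            = 4
'''

# Suffixes of the security-relevant files looked up in the excerpt (assumed list).
SENSITIVE_SUFFIXES = (".acl", ".mkey")

# Matches '[PID] open("path", flags) = ret [ERRNO]' and the openat(AT_FDCWD, ...) form.
OPEN_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?:open|openat)\((?:AT_FDCWD,\s*)?'
    r'"(?P<path>(?:[^"\\]|\\.)*)",[^)]*\)\s*=\s*(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>[A-Z]+))?'
)

def relative_sensitive_opens(trace, suffixes=SENSITIVE_SUFFIXES):
    """Return open() calls on ACL/master-key files given as relative paths.

    A relative path is resolved against the process's current directory, so
    the file actually consulted depends on where the daemon was started.
    """
    findings = []
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path.startswith("/") or not path.endswith(suffixes):
            continue
        findings.append({
            "pid": m.group("pid"),
            "path": path,
            "found": int(m.group("ret")) >= 0,  # a negative return means the open failed
            "errno": m.group("errno"),
        })
    return findings

if __name__ == "__main__":
    for f in relative_sensitive_opens(TRACE):
        state = "opened" if f["found"] else "missing (%s)" % f["errno"]
        print("pid %s: relative lookup of %r -> %s" % (f["pid"], f["path"], state))
```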