[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trouble with ldap backend..

Em Qua 17 Mai 2006 02:00, jay alvarez escreveu:
> Hi,
> I already have a working heimdal with ldap backend..
> However, I have some confusions..
> First, when I run kadmin -l and do some stuffs like
> removing a principal, there is a log file created in
> the current working directory that looks like this:
> ldap:ou=krb5accounts,o=example,dc=com.log

This log file is used for replication.

> in my krb5.conf...
> [logging]
>         kdc = FILE:/var/heimdal/logs/krb5kdc.log
>         admin_server =
> FILE:/var/heimdal/logs/kadmin.log
>         kdc = SYSLOG
>         admin_server = SYSLOG
>         default = SYSLOG
> -------------------
> [kdc]
>         database = {
>         acl_file = /var/heimdal/kadmind.acl
>         mkey_file = /var/heimdal/m-key
>         dbname  =
> ldap:ou=krb5accounts,o=example,dc=com

Seems that if log_file inside database{} is not specified, the default is to 
use the database name plus the ".log" suffix. This gives the wierd filename 
you saw, because the database name is not a file, but an LDAP "name". The 
same behaviour happens with the acl_file (I sent a patch to this list a while 
ago to better describe this in the krb5.conf manpage).

> Second problem..
> I tried reinstalling openldap and heimdal in another
> machine.. create a dn(ou=krb5accounts) where my
> principals will be stored under, copied the same
> config files(slapd.conf, krb5.conf etc. with some
> modifications) from the old machine, then run the
> slapd with ldapi:///...
> and then run kstash...
> kadmin -l
> then init our realm...
> tried adding a principal... and it worked.
> However when I tried ldapsearch my directory,
> ou=krb5accounts contains nothing.. On the same
> directory where I run kadmin, now I can see another
> file aside from the logfile.
> The same filename but ending in .db:
> ldap:ou=krb5accounts,o=example,dc=com.db
> I tried deleting it(.db) and issued a "list *", and
> then it says opening database: dbopen
> (ldap:ou=krb5accounts,o=example,dc=com): No such file
> or directory..
> How can this be... heimdal didn't actually stored my
> principals in my ldap directory, but instead in that
> db file.

Are you sure this heimdal on the other server was built with ldap support?