[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hdb-ldap backend and Samba integration

Andrew Bartlett wrote:
> On Wed, 2006-12-13 at 16:39 +0100, Laurent Pinchart wrote:
>> Hi everybody.
>> Disclaimer: I'm new to Heimdal and Kerberos in general. Despite having read 
>> lots of documentation (down to the Kerberos RFCs), I might still ask 
>> newbie-level questions.
>> I'm trying to setup Heimdal, LDAP and Samba to play together. After a week 
>> spent reading various sources of documentation, and installing a Heimdal 
>> Kerberos KDC, I think I found the right way to go.
>> I installed OpenLDAP-2.3.29, Heimdal-0.7.2 and Samba. Heimdal is configured 
>> with the LDAP backend, which works properly. I'm able to add principals to 
>> the realm, things are fine so far.
>> To integrate Heimdal and Samba, I plan to use the smbk5pwd overlay on OpenLDAP 
>> which changes all the user credentials (Samba hashes and Kerberos hashes) 
>> itself when an password change extended operation is requested. This requires 
>> Heimdal principal information and Samba account information to be stored in a 
>> single common entry in the LDAP directory.
> Has someone revived that module?  I asked for it to be written, then
> never actually used it.  Last I heard it has bitrotted.  It would be
> great news it if was going again.

Where did you hear that it was rotting? It's always been up to date and 
is in active use...

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/