
Re: Heimdal with OpenLDAP backend problems



Antoine MILLET wrote:
>
> Hello.
>
> I have a problem running Heimdal with the OpenLDAP backend.
>
> I'm using Heimdal 0.8.1 and OpenLDAP 2.3.36 on OpenBSD 4.1.
>
> Heimdal and OpenLDAP were compiled by myself:
>
> heimdal : ./configure --prefix=/usr/local/heimdal 
> --with-openldap=/usr/local/openldap 
> --with-openldap-lib=/usr/local/openldap/lib 
> --with-openldap-include=/usr/local/openldap/include --without-ipv6
> openldap : ./configure --prefix=/usr/local/openldap --enable-syslog 
> --disable-ipv6 --enable-local --enable-slapd
>
> See my krb5.conf (on my KDC / LDAP server):
>
> [libdefaults]
>        default_realm = EPI.NET
>        kdc_timesync = 1
>        renewable = true
>        forwardable = true
>        proxiable = true
>
> [realms]
>        EPI.NET = {
>                kdc = kerberos-master.epi.net
>        }
>
> [domain_realm]
>        epi.net = EPI.NET
>        .epi.net = EPI.NET
>        .epita.fr = EPI.NET
>        .epitech.net = EPI.NET
>
> [kdc]
>        database = {
>                dbname = ldapi://usr/local/openldap/var/run/ldapi:ou=kerberos,ou=services,dc=epi,dc=net
>                hdb-ldap-structural-object = inetOrgPerson
>                realm = EPI.NET
>                mkey_file = /var/heimdal/m-key.file
>        }
>
> [logging]
>        default = FILE:/var/log/kerberos/default.log
>        kdc = FILE:/var/log/kerberos/kdc.log
>        kdc_rotate = {
>                period = 1d
>                version = 365
>        }
>
> [appdefaults]
>        kinit = {
>                renewable = true
>                forwardable= true
>        }
>
> But I use two solutions to use the local OpenLDAP socket:
>
Sorry, copy / paste from internal new system...
> I.)
> [kdc]
>        database = {
>                 dbname = ldap:ou=kerberos,ou=services,dc=epi,dc=net
>                 }
>
> my kadmin error :
> kadmin -l
> kadmin> init EPI.NET
> kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported
>
> *OR*
>
> II.)
> [kdc]
>        database = {
>                 dbname = ldapi:///usr/local/openldap/var/run/ldapi:ou=kerberos,ou=services,dc=epi,dc=net
>                 }
>
> my kadmin error :
> kadmin -l
> kadmin> init EPI.NET
> kadmin: hdb_open: ldap_initialize: Bad parameter to an ldap routine
>
> Does anybody have any idea how to solve my problem and use Heimdal with
> the LDAP backend?
>
> Thanks in advance.
>
Sorry.

Regards.

-- 
Antoine MILLET
System and Network Administrator of the Campus Technologique de IONIS
antoine.millet@staff.epita.fr
https://intra.staff.epita.fr