[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: importing an existing base into ldap

21 maj 2008 kl. 08.06 skrev Guillaume Rousse:

> Hello list.
> I'm trying to setup an ldap backend for heimdal. I was interested  
> bing able to import an already existing one, if possible.
> I created a principal in my LDAP backend, corresponding to one  
> already present in my existing base, and copied the two numerical  
> values (fields 4 and 8 using : as field separator) found in database  
> dump looking like encrypted keys as LDAP krb5Key attribute. However,  
> it doesn't work:
> [rousse@stalingrad Desktop]$ kinit
> rousse@SACLAY.INRIA.FR's Password:
> kinit: krb5_get_init_creds: KDC has no support for encryption type
> Of course, the database key is the same.
> Am I over-optimist here :) ?

Its possible for sure. Your problem is that kadmin dump produces  
something diffrent then what the ldap backend code expected.

The easist way to deal with this is to patch lib/hdb/print.c to  
instead of printing :mkvno:enctype:keydata instead dumped

This should not be a hard problem.

Compare lib/hdb/print.c:entry2string_int() and lib/hdb/hdb- 
ldap:LDAP_entry2mods() around:
	    ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->entry.keys.val[i],  
&len, ret);