[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: importing an existing base into ldap

On Wed, May 21, 2008 at 5:06 PM, Guillaume Rousse
<Guillaume.Rousse@inria.fr> wrote:
> Hello list.
> I'm trying to setup an ldap backend for heimdal. I was interested bing able
> to import an already existing one, if possible.

If I understand well your situation, you don't need to import
anything. I assume that you already have a working LDAP tree.
You install heimdal, with ldap backend and basedn somewhere in the
tree. Now, when you add a principal, it gets located under the
kerberos basedn.
Stop heimdal, and modify the basedn to your top basedn or any other
point which is a common parent of your initial kerberos basedn and
your users entries. After restarting heimdal, the principals you add
will be created on the new basedn.
At this point heimdal-ldap is able to find your user entries,
althought it does not recognize the as principals. Until you add the
proper attributes (principal name and kvno, plus flags to made it
usable). And you will see while listing principals.
Then, you change the password using kadmin, and that is.

In my opinion, this is even a better method to create the principal
that raw kadmin because you have much more control over the entry dn
as well as the branch where it resides.

If you don't want to start from scratch, the script below might serve
as starting point to

Javier Palacios