[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: importing an existing base into ldap

To: heimdal-discuss@sics.se, Javier Palacios <javiplx@gmail.com>
Subject: Re: importing an existing base into ldap
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Fri, 23 May 2008 15:59:52 +0200
In-Reply-To: <a64bf030805220121j1d4ea83l9c6dcf7485b6b1ba@mail.gmail.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <48343A75.2020100@inria.fr> <a64bf030805220055v221c1f4m8c771bc69684fc8f@mail.gmail.com> <48352B55.60606@inria.fr> <a64bf030805220121j1d4ea83l9c6dcf7485b6b1ba@mail.gmail.com>
Reply-To: heimdal-discuss@sics.se, Guillaume Rousse <Guillaume.Rousse@inria.fr>
User-Agent: Thunderbird 2.0.0.14 (X11/20080504)

Javier Palacios a écrit :
>> No, I do have one already running KDC with existing principals stored in as
>> standard flat base (I did not well understood the interest of LDAP backend
>> when it was set up). I need to import it, rather than for users to retype
>> their password again.
> 
> So my mail was nearly useles ....
> It might be an overweighted solution and maybe not feasible, but have
> you though about setting up a ldap-kdc as a slave, and when it gets
> replicated promote it to master and closing the initial berkeley-kdc?
If finally did it, using a private ldap server. However, for an unknown 
reason, the slave KDC tries to add principal by suffixing DN with 
'-NEW', making the server refuse them:

2008-05-23T15:38:48 hdb_store: ldap_add_s: noe@LILLE.FUTURS.INRIA.FR 
(DN=krb5PrincipalName=noe@LILLE.FUTURS.INRIA.FR,ou=kerberos,dc=futurs,dc=inria,dc=fr-NEW) 
Server is unwilling to perform: no global superior knowledge

Here is my kdc configuration:
[kdc]
database = {
     dbname = ldap:ou=kerberos,dc=futurs,dc=inria,dc=fr
     acl_file = /var/lib/heimdal/kadmind.acl
     mkey_file = /var/lib/heimdal/m-key
}

I also tried hpropd, but it directly creates a file database on the disk.
-- 
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62

Follow-Ups:
- Re: importing an existing base into ldap
  - From: "Javier Palacios" <javiplx@gmail.com>

References:
- importing an existing base into ldap
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
- Re: importing an existing base into ldap
  - From: "Javier Palacios" <javiplx@gmail.com>
- Re: importing an existing base into ldap
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
- Re: importing an existing base into ldap
  - From: "Javier Palacios" <javiplx@gmail.com>

Prev by Date: Re: PIPE ccache implementation for Heimdal
Next by Date: Re: importing an existing base into ldap
Prev by thread: Re: importing an existing base into ldap
Next by thread: Re: importing an existing base into ldap
Index(es):
- Date
- Thread