Reusing existing people-entries for the LDAP-backend
Martin Schuster
Martin.Schuster1 at infineon.com
Wed May 14 04:58:31 EDT 2008
Using the two documents that I linked in
<g0e35v$h19$1 at athen03.muc.infineon.com> today,
http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend
http://blogs.sun.com/wfiveash/entry/the_rough_guide_to_configuring
I managed to get Kerberos to store its database in LDAP.
The only issue I've encountered:
I want to reuse the existing entries in our ou=people tree, and in order to
do so I can of course use
kdb5_ldap_util [...] modify -subtrees 'ou=people,[...]'
to get Kerberos to look for the krbPrincipalName in that tree.
But if I now add a principal by first setting the krbPrincipalName
of the user in ou=people, and then issuing
kadmin.local -q 'addprinc joeuser'
the additional attributes (e.g. krbPrincipalKey) are still stored in
the Kerberos container tree.
I tried to use ou=people as container tree by issuing
kdb5_ldap_util [...] modify -containerref 'ou=people,[...]'
but then addprinc complains:
add_principal: Principal or policy already exists while creating
"joeuser@[...].COM".
Is there a way to get all data into the people-tree?
I'm not too afraid to hack around in plugins/kdb/ldap/ if necessary,
but would be glad if you could give me some hints what I'd need
to do there :)
tia,
--
Infineon Technologies IT-Services GmbH Martin.Schuster1 at infineon.com
Lakeside B05, 9020 Klagenfurt, Austria Martin Schuster
FB: LG Klagenfurt, FN 246787y +43 5 1777 3517
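The situation described in the post (krbPrincipalName set on the person entry, but krbPrincipalKey written to a second entry under the KDC's container) can be checked directly against the directory. The following is an added example, not code from the post or from MIT Kerberos: it parses LDIF as printed by `ldapsearch -LLL` and reports, per principal, whether the key material sits in the people tree, in the KDC container, or is split between the two. The base DNs and the sample entries are assumed and constructed.

```python
# Added example, not from the post: given LDIF as printed by `ldapsearch -LLL`,
# report for each principal where its krbPrincipalKey ended up. Base DNs assumed.
import re
from collections import defaultdict

BASES = {"people": "ou=people,dc=example,dc=com",           # assumed people tree
         "container": "cn=krbcontainer,dc=example,dc=com"}  # assumed KDC container

# Constructed sample: joeuser's krbPrincipalName sits in ou=people, but the KDC
# created a second entry holding the keys in its container; alice is all in people.
SAMPLE_LDIF = """\
dn: uid=joeuser,ou=people,dc=example,dc=com
krbPrincipalName: joeuser@EXAMPLE.COM

dn: krbPrincipalName=joeuser@EXAMPLE.COM,cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com
krbPrincipalName: joeuser@EXAMPLE.COM
krbPrincipalKey:: AAAAAQ==

dn: uid=alice,ou=people,dc=example,dc=com
krbPrincipalName: alice@EXAMPLE.COM
krbPrincipalKey:: AAAAAg==
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) for each blank-line-separated LDIF entry."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, value = re.match(r"([^:]+):+ ?(.*)", line).groups()
            attrs[name].append(value)        # '::' (base64) values kept as-is
        yield attrs["dn"][0], attrs

def subtree(dn):
    # Name of the configured base the DN falls under, or 'other'.
    return next((k for k, b in BASES.items() if dn.lower().endswith(b)), "other")

def audit(text=SAMPLE_LDIF):
    """Return {principal: 'people' | 'split' | 'container' | 'nokeys'}."""
    names, keys = defaultdict(set), defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for princ in attrs.get("krbPrincipalName", []):
            names[princ].add(subtree(dn))
            if "krbPrincipalKey" in attrs:
                keys[princ].add(subtree(dn))
    def status(p):
        if "people" in keys[p]:
            return "people"      # name and keys together in the people tree
        if "people" in names[p] and "container" in keys[p]:
            return "split"       # the situation described in the post
        return "container" if keys[p] else "nokeys"
    return {p: status(p) for p in names}
```

Feed it the output of an `ldapsearch -LLL` over both subtrees requesting `krbPrincipalName` and `krbPrincipalKey`; any principal reported as `split` is one whose keys did not land in ou=people.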