ldap backend issues
Thomas Mueller
thomas at chaschperli.ch
Fri Jan 16 04:15:33 EST 2009
hi
i'm playing with debian lenny* and the new kerberos ldap backend. i've
stumbled upon a few issues.
first, the online documentation** says to create new ACLs ending with
"by * none". this disabled the access for all except the two kerberos
users. after reading man slapd.access it may be better read "by * break"
to let slapd evaluate the next access statements?
second, i've configured the openldap like the sample krb5.conf file in
chapter 3.3.11. although i've written the kdc and adm dn, the kdc-server
and admin-server don't start without supplying "-x host=ldapi://<path> -x
binddn=cn=kdc-service,dc=test". is /etc/krb5.conf the right place? don't
i have to write some ldap config to /etc/krb5kdc/kdc.conf? "man kdc.conf"
doesn't reveal anything about "ldap".
third, is there some way to export the encrypted passwords from a
non-ldap-backend and import them into the ldap-backend?
Thanks for any hints.
- Thomas
*slapd 2.4.11, mit krb5 1.6.dfsg.4~beta1 (think this is 1.6.4 beta1)
** http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend
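
The difference between ending an access clause with "by * none" and "by * break", as an added example that is not part of the original post or of OpenLDAP's code: a simplified Python model of the evaluation order documented in slapd.access(5). Apart from cn=kdc-service,dc=test, every DN and all function names are constructed for illustration.

```python
# Simplified model of slapd.access(5) evaluation order; not slapd's own code.
# Covers only dn.subtree / "*" targets, dn.exact / "*" subjects, and the
# "stop" (default) and "break" controls. All DNs below are constructed.

KDC = "cn=kdc-service,dc=test"
ADM = "cn=adm-service,dc=test"      # assumed name for the admin-server DN
USER = "uid=alice,ou=users,dc=test"
REALM = "cn=TEST,cn=krbcontainer,dc=test"
USERS = "ou=users,dc=test"


def what_matches(what, entry_dn):
    """'*' matches every entry; otherwise treat `what` as a dn.subtree base."""
    return what == "*" or entry_dn == what or entry_dn.endswith("," + what)


def effective_access(acl, entry_dn, bind_dn):
    """Return the access level this model settles on for bind_dn."""
    for what, by_clauses in acl:
        if not what_matches(what, entry_dn):
            continue
        for who, level, control in by_clauses:
            if who != "*" and who != bind_dn:
                continue
            if control == "break":
                break               # leave this clause, try the next "access to"
            return level            # default control is "stop"
        else:
            return "none"           # implicit "by * none stop" ends each clause
    return "none"                   # implicit final "access to * by * none"


def build_acl(tail):
    """Two service DNs on each Kerberos subtree, then `tail` on ou=users."""
    service = [(KDC, "read", "stop"), (ADM, "write", "stop")]
    return [
        (REALM, service + [("*", "none", "stop")]),   # key material stays closed
        (USERS, service + [tail]),
        ("*", [("*", "read", "stop")]),
    ]


ACL_NONE = build_acl(("*", "none", "stop"))     # "by * none"
ACL_BREAK = build_acl(("*", "none", "break"))   # "by * break"
```

The realm subtree keeps "by * none" in both variants: with "break", an identity not listed in the clause receives whatever a later clause grants, which here is the catch-all read.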