ldap backend issues
Michael Ströder
michael at stroeder.com
Fri Jan 16 08:33:21 EST 2009
Thomas Mueller wrote:
> First, the online documentation** says to create new ACLs ending with
> "by * none". This disabled the access for all except the two Kerberos
> users. After reading man slapd.access it may be better read "by * break"
> to let slapd evaluate the next access statements?
I'd suggest to examine ACL issues by setting an appropriate log level
and clarify what you find in the logs on the openldap-software mailing list.
> Second, I've configured the openldap like the sample krb5.conf file in
> chapter 3.3.11. Although I've written the kdc and adm dn the kdc-server
> and admin-server don't start without supplying "-x host=ldapi://<path> -x
> binddn=cn=kdc-service,dc=test". Is /etc/krb5.conf the right place? Don't
> I have to write some ldap config to /etc/krb5kdc/kdc.conf? "man kdc.conf"
> doesn't reveal anything about "ldap".
I also had some problems. But you should really try to collect some
Kerberos error messages and post them here. Also posting your krb5.conf
and kdc.conf would help.
> *slapd 2.4.11,
You should use 2.4.13. Many issues have been fixed. I can't tell whether
the fixes are relevant to your setup though.
Ciao, Michael.