list principals using ldap back end
Tom Parker
tparker at cbnco.com
Thu Sep 30 16:14:48 EDT 2010
Hi Kevin,

This should "just work". kadmin and kadmin.local will list all the
principals found in any subtrees that are found in the Kerberos Realm
Container.

You should be able to see your subtrees in the LDAP tree under the realm
container using any LDAP browser.

In my test tree my Kerberos Realm Container is
cn=TEST.CBN,ou=kerberos,dc=test,dc=com.
This DN contains two krbSubTrees attributes, ou=people,dc=test,dc=com
and ou=services,dc=test,dc=com, and all principals there are listed with
a list_principals command in kadmin.

Make sure your subtree entries are correct. If they are not, you can
use the kdb5_ldap_util modify command to add/fix them. I have also had
no issues directly editing these entries with an LDAP browser.

Tom

On 09/30/2010 03:10 PM, Kevin Longfellow wrote:
> Hi,
>
> I tried to find this in the documentation so if someone could point me in the
> right direction, I would appreciate it. I am trying to list all the Kerberos
> principals created with an LDAP back end that are not in the realm container.
> Using kadmin list_principals only shows what is in the realm container. We have
> the user principals in a different cn by using -subtrees when the realm was
> created. It looks like kdb5_ldap_util might be able to do this?
>
> Thanks for any help with this.
>
> Kevin
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
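
An added example, not part of the original message or of MIT Kerberos: an offline check of the "make sure your subtree entries are correct" advice, run against an LDIF export of the realm container and the entries carrying krbPrincipalName. The LDIF is constructed from the DNs in the message; the ou=staff entry and the function names are hypothetical, DN matching is simplified (case and spacing only), and the realm container is counted as a search base because the thread reports that its principals are listed.

```python
# Constructed LDIF reusing the DNs from the message; ou=staff is hypothetical.
SAMPLE_LDIF = """\
dn: cn=TEST.CBN,ou=kerberos,dc=test,dc=com
krbSubTrees: ou=people,dc=test,dc=com
krbSubTrees: ou=services,dc=test,dc=com

dn: uid=alice,ou=people,dc=test,dc=com
krbPrincipalName: alice@TEST.CBN

dn: cn=host/web1.test.com,ou=Services,
 dc=test,dc=com
krbPrincipalName: host/web1.test.com@TEST.CBN

dn: uid=bob,ou=staff,dc=test,dc=com
krbPrincipalName: bob@TEST.CBN
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        unfolded = block.replace("\n ", "")  # join LDIF continuation lines
        entry = {}
        for line in unfolded.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments; base64 ("::") values are not decoded
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN normalisation: lowercase, trim spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def uncovered_principals(ldif_text):
    """Principals stored under neither the realm container nor a krbSubTrees value."""
    entries = parse_ldif(ldif_text)
    bases = []
    for e in entries:
        if "krbsubtrees" in e:  # the realm container entry
            bases += [norm_dn(e["dn"][0])] + [norm_dn(v) for v in e["krbsubtrees"]]
    missing = []
    for e in entries:
        dn = norm_dn(e["dn"][0])
        if "krbprincipalname" in e and not any(dn == b or dn.endswith("," + b) for b in bases):
            missing += e["krbprincipalname"]
    return missing
```

With the sample data the only principal reported is the one under ou=staff, which no krbSubTrees value covers.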