Convert ldap user principal

Chris Hecker checker at d6.com
Thu Feb 9 15:55:15 EST 2012


You can do this pretty trivially with pure ldap, and something like perl
or your favorite scripting language (with an ldap api), if I understand
what you're trying to do.  The krb5 stuff in the ldap entries are just
regular ldap attributes, I've mucked with them manually in ldapvi
before, moving krb attributes onto a separately created ldap entry, for
example.  As long as the krb5 username and realm aren't changing and you
make sure you get everything, you should have no problems.

Chris

On 2012/01/26 11:43, Raffael Sahli wrote:
> Hi
> 
> How can I convert a principal which was created with -x 
> dn="cn=myuser,dc=exam,dc=com" on a ldap backend
> into a normal principal located under 
> krbPrincipalName=myuser at MYREALM.COM,cn=MYREALM.COM,dc=exam,dc=com.
> I have to convert all my user principals to "normal" principals.
> 
> Thanks for your help
> 


More information about the Kerberos mailing list