LDAP searches for Kerberos entries

Todd Grayson tgrayson at cloudera.com
Wed Feb 4 21:35:45 EST 2015


ldapsearch -x -H [ ldap://host.fqdn.name:389 | ldaps://host.fqdn.name:636 ]
  -D "bind account from your config" -w [that account's password]
  -b [search base like ou=People,dc=example,dc=com from your conf]
  "(&(objectclass=person)(uid=[your username]))"

You can add -LLL after the -x to enable console debugging output to help
fine tune.

Review your configuration for ldap target information per discussion at
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_ldap.html

The dump will be the full entry, including objectClasses which are the
definition of what attributes are available to an entry and their search
and indexing syntax.  This will frame what you need to know as far as
coding over the target ldap entry... zytrax.org having one of the better
tutorials I've found for ldap in general.


On Wed, Feb 4, 2015 at 1:17 PM, Chris Hecker <checker at d6.com> wrote:

> I use LDAP to store additional stuff about users, so the krb stuff is a
> subtype (can't remember what the real term is) of my main record type.  I
> rarely search on the krb fields.
>
> Chris
>  On Feb 4, 2015 12:09 PM, "Paul B. Henson" <henson at acm.org> wrote:
>
> > > From: Michael Ströder
> > > Sent: Wednesday, February 04, 2015 3:25 AM
> > >
> > > Maybe some of you are using MIT Kerberos with LDAP backend.
> > >
> > > For creating a decent web2ldap search form template for the Kerberos
> > > schema I'd like to know which kind of searches you usually do when
> > > looking into your backend via LDAP.
> >
> > We have been using the LDAP backend for kerberos for a few years now,
> > but I must confess I've never really considered accessing LDAP directly,
> > it's always been just an opaque backend storage engine for kerberos
> > itself...
> >
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos



-- 
Todd Grayson
Customer Operations Engineering
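
Added example (not part of the message above and not code from the Kerberos project): a Python parser for the LDIF that ldapsearch dumps, which unfolds wrapped lines, decodes base64 values, and lists the objectClasses and krb* attributes the bind account was able to read, including whether krbPrincipalKey came back. The sample entry and the function names parse_ldif and summarize are constructed for illustration; the attribute names are those of MIT's kerberos.schema.

```python
import base64

# Constructed sample (not from the thread): one entry as ldapsearch would print it.
# Attribute names are from MIT's kerberos.schema; DN, realm and values are made up.
_KEY = base64.b64encode(b"constructed placeholder, not real key data").decode()
SAMPLE_LDIF = f"""\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: person
objectClass: krbPrincipalAux
uid: jdoe
cn:: SsO2cmcgRG9l
krbPrincipalName: jdoe@EXAMPLE.COM
krbLastPwdChange: 20150101000000Z
krbPrincipalKey:: {_KEY[:20]}
 {_KEY[20:]}
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attr_lowercase: [bytes, ...]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # folded line: continuation starts with a space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                # trailing "" flushes the last entry
        if not line.strip():                 # a blank line ends an entry
            if "dn" in current:              # drops "version:"/"search:"/"result:" blocks
                entries.append(current)
            current = {}
        elif not line.startswith("#"):       # skip comments
            name, _, rest = line.partition(":")
            if rest.startswith(":"):         # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            current.setdefault(name.lower(), []).append(value)
    return entries

def summarize(entry):
    """Report which objectClasses and krb* attributes the search returned."""
    return {
        "dn": entry["dn"][0].decode(),
        "objectclasses": sorted(v.decode() for v in entry.get("objectclass", [])),
        "krb_attributes": sorted(a for a in entry if a.startswith("krb")),
        # krbPrincipalKey carries the principal's key data; if it is present,
        # the bind DN's ACL allows reading it.
        "key_material_readable": "krbprincipalkey" in entry,
    }
```

Feed it the captured ldapsearch output, for example `summarize(parse_ldif(output)[0])`; a true `key_material_readable` for an ordinary lookup account is a reason to review the directory ACLs on the Kerberos attributes.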

