Changing the KDC search base dynamically
Simo Sorce
simo at redhat.com
Wed Dec 4 11:57:41 EST 2013
On Wed, 2013-12-04 at 11:10 +0530, Shani Ranasinghe wrote:
> Hi,
>
> I am a newbie to Kerberos.
>
> I have a setup where the realm (YYY.ORG) has many OUs (an OU for a
> tenant). The structure is as follows:
> |_dc=yyy,dc=org
>    |_ou=Groups
>    |_u=Users
>    |_ou=kkk.com
>       |_ou=groups
>       |_ou=users
> Currently, when starting up the KDC, the search base is sent as a hard-coded
> string, and it sends ou=Users,c=yyy,dc=org as the search base. I need to
> change the search base to ou=users,ou=kkk.com,dc=yyy,dc=org, after the KDC
> has been started, and without restarting the KDC. Can I do this by maybe a
> client-side configuration file (krb5.conf?)? I need to change this every time
> I do a Kinit to get the TGT.
>
> Appreciate any help.
Why don't you simply set the base to dc=yyy,dc=org and let the KDC see
the whole tree? How would the KDC know when to change bases dynamically
anyway?
Simo.
--
Simo Sorce * Red Hat, Inc * New York