Kerberos + LDAP question
pascal.jakobi at gmail.com
Thu Apr 30 09:08:23 EDT 2015
I have setup a KDC and an openldap server. Both seem to work like a
charm and are linked (krb5-server-ldap package).
Only a small issue remains. Not sure this is not a limitation in the server.
Here is what I see.
1/ If I create a principal in kadmin.local, "/*addprinc
test1 at JAKOBI.FR*/", the corresponding principal is stored in the realm
subtree in the directory.
2/ If I create a principal in kadmin.local with its LDAP DN, "/*addprinc
-x dn="uid=test2,ou=people,dc=jakobi,dc=fr*//*" test2 at JAKOBI.FR*/", the
DN entry is updated with the kerberos info stuff (principal name, etc.)
- which is fine. However, the principal does not seem to be created in
the directory, but rather on the KDC.
Is this the expected behaviour ?
If so, should I update manually, the DN and the principal entry by hand
in the Directory ?
Thanks in advance
Pascal Jakobi <mailto:pascal.jakobi at gmail.com>
116 rue de Stalingrad
93100 Montreuil, France
Tel : +33 6 87 47 58 19
More information about the krbdev