
Re: LDAP backend



On Sun, 2004-03-21 at 13:15, Robert Fitzpatrick wrote: 
> It seems my FreeBSD 5.2.1 system has /usr/bin/kadmin and after I did a
> port package install of Heimdal-0.6 with LDAP support, that is located
> in /usr/local/sbin/kadmin and that is the one with the LDAP support
> according to ldd. But still, when I run '/usr/local/sbin/kadmin -l' and
> init WEBTENT.NET, it writes the [database] to
> 'ldap:ou=KerberosPrincipals,dc=webtent,dc=net' as files to disk like the
> support did not exist for LDAP. Also, I have [logging] setup in
> /etc/krb5.conf and no logs being generated. I am following the document
> at PADL http://www.padl.com/Research/Heimdal.html. Can someone tell me
> what I might be missing?

I solved this issue by re-building Heimdal under /usr; now I get 'can't
contact LDAP server'.

Following the doc, it does not mention any need for a keytab or
principal. Is either of these needed? How can I confirm that OpenLDAP is
allowing connections on 'ldapi:///'?

esmtp# ps -ax | grep slap
20011  ??  Ss     0:03.14 /usr/local/libexec/slapd -h ldapi:/// ldap:///

The LDAP directory queries are working fine and the DN listed for the
database dbname location in /etc/krb5.conf exists; should it have any
particular objectClasses?

esmtp# cat /etc/krb5.conf
[libdefaults]
        default_realm = WEBTENT.NET
        clockskew = 300

[realms]
        WEBTENT.NET = {
                kdc = esmtp.webtent.net
                admin_server = esmtp.webtent.net
        }

[domain_realm]
        .webtent.net = WEBTENT.NET

[kdc]
        database = {
                dbname = ldap:ou=Users,dc=webtent,dc=net
                mkey_file = /var/heimdal/m-key
        }


-- 
Robert
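One way to answer the "is slapd accepting connections on ldapi:///?" question above without guessing from ps output is to open the Unix socket and perform an LDAP v3 anonymous bind, then read the resultCode slapd returns. The following is an added example written for this thread, not code from the original post or from Heimdal or OpenLDAP. It assumes the socket path (OpenLDAP's default /var/run/ldapi, with /var/run/openldap/ldapi as the FreeBSD-port guess) when the URL is the bare ldapi:///, parses the percent-encoded form ldapi://%2Fpath%2Fto%2Fsocket/ otherwise, and hand-encodes the two BER messages it needs. The fake server and sample response bytes are constructed so the script runs offline; against a live slapd call check_ldapi() with the real URL.

```python
"""Probe an OpenLDAP ldapi:// socket with an anonymous LDAP v3 bind.

Added example for the thread above (not Heimdal or OpenLDAP code).
Assumptions: default socket paths below; slapd allows an anonymous bind.
"""
import os
import shutil
import socket
import tempfile
import threading
import urllib.parse

# Assumption: OpenLDAP's compiled-in default; the FreeBSD port is commonly
# built with /var/run/openldap/ldapi instead. Check slapd's -h argument.
DEFAULT_LDAPI_SOCKET = "/var/run/ldapi"

# LDAPMessage{messageID 1, BindRequest{version 3, name "", simple ""}}
ANON_BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
# Constructed sample replies: BindResponse resultCode success(0) and
# invalidCredentials(49), each with empty matchedDN and diagnosticMessage.
SAMPLE_BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_BIND_INVALID_CREDENTIALS = bytes.fromhex("300c02010161070a013104000400")


def ldapi_socket_path(url, default=DEFAULT_LDAPI_SOCKET):
    """Map an ldapi URL to the socket path it names.

    'ldapi:///' means the server's default socket; a non-empty authority is
    the percent-encoded path, e.g. 'ldapi://%2Fvar%2Frun%2Fldapi/'."""
    parsed = urllib.parse.urlsplit(url)
    if parsed.scheme != "ldapi":
        raise ValueError("not an ldapi URL: %r" % url)
    return urllib.parse.unquote(parsed.netloc) if parsed.netloc else default


def _read_tlv(buf, pos):
    """Decode one BER tag/length/value at pos (short and long-form lengths)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def bind_result_code(msg):
    """Return the resultCode of a BindResponse LDAPMessage."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msgid, pos = _read_tlv(body, 0)          # skip messageID
    optag, op, _ = _read_tlv(body, pos)
    if optag != 0x61:                             # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % optag)
    rtag, rc, _ = _read_tlv(op, 0)
    if rtag != 0x0A:                              # ENUMERATED resultCode
        raise ValueError("malformed BindResponse")
    return int.from_bytes(rc, "big")


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def _recv_message(sock):
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        head += _recv_exact(sock, length & 0x7F)
        length = int.from_bytes(head[2:], "big")
    return head + _recv_exact(sock, length)


def check_ldapi(url="ldapi:///", timeout=3.0):
    """Connect to the ldapi socket and bind anonymously.

    Returns (ok, detail); ok is True only for resultCode success(0)."""
    path = ldapi_socket_path(url)
    if not os.path.exists(path):
        return False, "no socket at %s (is slapd started with -h ldapi:///?)" % path
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
        except OSError as exc:
            return False, "connect(%s) failed: %s" % (path, exc)
        s.sendall(ANON_BIND_REQUEST)
        rc = bind_result_code(_recv_message(s))
    return rc == 0, "anonymous bind on %s returned resultCode=%d" % (path, rc)


def _serve_once(path, reply):
    """Constructed stand-in for slapd: answer one bind with canned bytes."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            _recv_message(conn)       # consume the client's BindRequest
            conn.sendall(reply)
        srv.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t


def demo():
    """Offline run against the fake server; returns check_ldapi()'s result."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "ldapi")
    t = _serve_once(path, SAMPLE_BIND_SUCCESS)
    try:
        return check_ldapi("ldapi://%s/" % urllib.parse.quote(path, safe=""))
    finally:
        t.join(5)
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The same probe from the shell is `ldapsearch -H ldapi:/// -x -s base -b "" namingContexts`; a successful result confirms the socket and anonymous access, while `ldapwhoami -H ldapi:/// -Y EXTERNAL` shows which peer-credential DN slapd's ACLs would see for a local root client.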