Re: Heimdal/OpenLDAP/Samba howto and bugreport
On Wed, 2004-06-02 at 16:28, Love wrote:
> Tarjei Huse <tarjei@nu.no> writes:
>
> > But for me one ldap-search-filter option is just as good if the
> > suggested filter is the one suggested above.
> >
> > What about a default base for adding heimdalentries that is != the
> > searchbase?
>
> So I added code to do this. The option is [kdc]hdb-ldap-create-base. I've
> not added a filter hdb-ldap-search-filter option, but modified the search
> rule for samba entries to be searching for sambaSamAccount too.
>
> I should document the search and creation rules that the hdb-ldap backend
> is using.
>
> Can you test the snapshot that will be generate tonight ?
Ok, I've tested the snapshot, and it doesn't work. I tried to debug
things, but I think that maybe Howard Chu is a better one on this
problem. Here's what I get in the ldaplog when I do kinit:
Jun 4 17:29:26 elprinsessekaja slapd[6730]: conn=2 fd=7 ACCEPT from PATH= (PATH=/var/run/slapd/ldapi)
Jun 4 17:29:26 elprinsessekaja slapd[6734]: conn=2 op=0 BIND dn="" method=163
Jun 4 17:29:26 elprinsessekaja slapd[6734]: SASL [conn=2] Error: unable to open Berkeley db /etc/sasldb2: Permission denied
Jun 4 17:29:26 elprinsessekaja slapd[6734]: conn=2 op=0 BIND authcid="uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth@MAIL2.BERGFALD.NO"
Jun 4 17:29:26 elprinsessekaja slapd[6734]: conn=2 op=0 BIND dn="krb5PrincipalName=kadmin/admin@MAIL2.BERGFALD.NO,sambaDomainName=bf,o=bf" mech=EXTERNAL ssf=0
Jun 4 17:29:26 elprinsessekaja slapd[6733]: do_search: invalid dn (^A)
Jun 4 17:29:26 elprinsessekaja slapd[6733]: conn=2 op=1 RESULT tag=101 err=34 text=invalid DN
Jun 4 17:29:26 elprinsessekaja slapd[6734]: conn=2 op=2 UNBIND
Jun 4 17:29:26 elprinsessekaja slapd[6734]: conn=2 fd=7 closed
Sometimes the text in the "invalid dn (<text>)" is tarjei (the userid I
try to kinit as), other times it's just some garbled text (like above).
This used to work. I tried to look at the code myself, but I couldn't
find the error.
In my slapd.conf I have:
sasl-mech_list: gssapi
#sasl-secprops minssf=128
sasl-realm MAIL2.BERGFALD.NO
sasl-host elprinsessekaja.mail2.bergfald.no
sasl-regexp
    "uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth"
    "krb5PrincipalName=kadmin/admin@MAIL2.BERGFALD.NO,sambaDomainName=BF,o=bf"
sasl-regexp
    uid=(.+),cn=GSSAPI,cn=auth
    uid=$1,ou=People,o=bf
and cat /usr/lib/sasl2/slapd.conf gives:
keytab: /etc/krb5.keytab.ldap
Thanks for helping.
Tarjei
>
> Love
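Added example, not part of the thread above and not Heimdal or OpenLDAP code: a small simulator of the two sasl-regexp rules from Tarjei's slapd.conf, run against the authz names slapd builds for the two binds in question. It assumes what the post's own log already shows for the peercred bind (slapd compares the rule case-insensitively and does not anchor it, so the rule written "uidNumber" matches the logged "uidnumber=...cn=auth@MAIL2.BERGFALD.NO"), that the first matching rule wins, and that "$1" in the replacement is the first capture group. The third input, "uid=tarjei,cn=MAIL2.BERGFALD.NO,cn=GSSAPI,cn=auth", is constructed: it is the "uid=<user>,cn=<realm>,cn=<mech>,cn=auth" form slapd.conf(5) documents when a realm is known, which is plausible here because sasl-realm is set. The tightened GSSAPI rule is my suggestion, not something anyone in the thread proposed.

```python
import re

# The two sasl-regexp rules as they appear in the quoted slapd.conf, with the
# config-file backslash escaping unwound to the regex slapd ends up compiling.
POSTED_RULES = [
    (r"uidNumber=0\+gidNumber=.*,cn=peercred,cn=external,cn=auth",
     "krb5PrincipalName=kadmin/admin@MAIL2.BERGFALD.NO,sambaDomainName=BF,o=bf"),
    (r"uid=(.+),cn=GSSAPI,cn=auth",
     "uid=$1,ou=People,o=bf"),
]

# Suggested replacement for the GSSAPI rule (assumption, not from the post):
# anchored, the uid may not contain a comma, and the optional realm component
# that slapd inserts is matched explicitly instead of being swallowed by ".+".
TIGHT_GSSAPI_RULES = [
    POSTED_RULES[0],
    (r"^uid=([^,]+)(,cn=MAIL2\.BERGFALD\.NO)?,cn=GSSAPI,cn=auth$",
     "uid=$1,ou=People,o=bf"),
]


def sasl_to_dn(authz_name, rules=POSTED_RULES):
    """Map a SASL authorization name to a DN the way sasl-regexp does.

    Modelled behaviour (assumptions stated in the lead-in): extended regex,
    case-insensitive, unanchored search, first matching rule wins, "$N" in
    the replacement expands to capture group N.  Returns None if no rule hits.
    """
    for pattern, template in rules:
        m = re.search(pattern, authz_name, re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), template)
    return None


# Inputs: the first is copied from the slapd log in the post, the second and
# third are constructed for this example.
PEERCRED = "uidnumber=0+gidnumber=0,cn=peercred,cn=external,cn=auth@MAIL2.BERGFALD.NO"
GSSAPI_NO_REALM = "uid=tarjei,cn=GSSAPI,cn=auth"
GSSAPI_WITH_REALM = "uid=tarjei,cn=MAIL2.BERGFALD.NO,cn=GSSAPI,cn=auth"


def walk_through():
    """Return the mappings so they can be inspected or asserted on."""
    return {
        "peercred": sasl_to_dn(PEERCRED),
        "gssapi_posted": sasl_to_dn(GSSAPI_NO_REALM),
        # ".+" is greedy: the realm component ends up inside the uid value and
        # the resulting DN names an entry that does not exist under ou=People.
        "gssapi_posted_realm": sasl_to_dn(GSSAPI_WITH_REALM),
        "gssapi_tight": sasl_to_dn(GSSAPI_NO_REALM, TIGHT_GSSAPI_RULES),
        "gssapi_tight_realm": sasl_to_dn(GSSAPI_WITH_REALM, TIGHT_GSSAPI_RULES),
        # A foreign realm should not map anywhere under the tightened rule.
        "gssapi_tight_other_realm": sasl_to_dn(
            "uid=tarjei,cn=OTHER.EXAMPLE,cn=GSSAPI,cn=auth", TIGHT_GSSAPI_RULES),
    }


if __name__ == "__main__":
    for name, dn in walk_through().items():
        print(f"{name:26s} -> {dn}")
```

The peercred line reproduces what the log shows: the root socket credentials are mapped onto the kadmin/admin entry, which is the identity the KDC then searches with. Whether the later "invalid dn" comes from that mapping or from the hdb-ldap search is not something this simulator can tell; it only shows which DN each rule produces, and that the posted GSSAPI rule turns a realm-qualified name into a DN that cannot exist.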