
Re: Heimdal-Openldap how to store principals?



Andrew Bacchi wrote:
Jose,

Thanks for your help.

I rebuilt Heimdal using additional --with-openssl=path/to/openssl 
directives, hoping that was my main problem.  I don't think so.

I tried 'init RPI.EDU', and these files are deposited in the pwd.   These
are indeed the kerberos database files.  If I delete them, all kerberos
accounts are lost.  The files and accounts are recreated upon an 'init
RPI.EDU' command.
ldap:ou=kerberos,dc=rpi,dc=edu.dir
ldap:ou=kerberos,dc=rpi,dc=edu.log
ldap:ou=kerberos,dc=rpi,dc=edu.lock
ldap:ou=kerberos,dc=rpi,dc=edu.pag

So, it appears I don't have the Unix Socket working correctly.  Is this
connected to ssl or cyrus-sasl, or is it independent of either?  I will
have to do some reading on sockets.

The system log reports this from kerberos:

Aug 27 10:38:44 ldap3 kernel: application bug: kadmind(30385) has SIGCHLD set to SIG_IGN but calls wait().
Aug 27 10:38:44 ldap3 kernel: (see the NOTES section of 'man 2 wait'). Workaround activated.


On Fri, 2004-08-27 at 10:40, Jose Gonzalez Gomez wrote:

    Andrew,

Andrew Bacchi wrote:

Jose,

I have been following your HowTo all along, thanks for the great info.
I am stuck at section 6.2.2, init EXAMPLE.COM.  You say, "This should
have created several entries in our LDAP directory under the system
branch."  I don't see them under any branch.  Does Kerberos create these
accounts as would an LDIF?

    Yes, the init command creates those entries. If the entries don't
get created you must have something wrong in your environment. (There's
a typo there, it should say kerberos branch instead of system branch).

I have Heimdal configured with:
configure --prefix=%{heimdalprefix}
        --with-openldap=/var/ldap/etc/openldap/ --disable-berkeley-db

Is this OK?

    Unfortunately I use Gentoo, so I don't know what compile options are
being used. I guess they are right... anyway, input on this issue is
welcome to be included in the howto. If I have time I will investigate
this to include this information in the howto.

Also, I can see the server listening on the Unix Socket.  But are there
possible permission problems?
unix  2      [ ACC ]     STREAM     LISTENING     469921
/var/ldap/var/run/ldapi

    Maybe... take a look at the OpenLDAP logs. Heimdal uses the unix
socket to connect, so you should see logs of the connection being made.
Could you post the content of your logs?

    Best regards
    Jose
I suspect that configure didn't find the ldap stuff at
--with-openldap=/var/ldap/etc/openldap/

I would suggest trying

--with-openldap=/var/ldap/

as heimdal's configure looks for openldap libraries in --with-openldap/lib
and for openldap include files in --with-openldap/include

I suspect that /var/ldap/etc/openldap/ is the directory where your openldap config files reside.


Good Luck,


Geza Gemes
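The checks below are an added example, not code from anyone in this thread. They turn the two diagnoses above into a script: whether a candidate --with-openldap prefix actually contains <prefix>/lib/libldap* and <prefix>/include/ldap.h (what Heimdal's configure looks for), whether the 'init REALM' step (Heimdal's `kadmin -l init REALM`) left file-backed database files named after the ldap: URL in the working directory (the symptom Andrew reports, which means the KDC was built without the LDAP backend and treated "ldap:ou=kerberos,dc=rpi,dc=edu" as a plain filename), and whether the ldapi socket is a socket the current user can write to. All paths are illustrative assumptions; run the socket check as the user kadmind and the KDC run as.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are illustrative assumptions.

# Heimdal's configure looks for OpenLDAP in <prefix>/lib and <prefix>/include.
# Returns 0 if both a libldap library and ldap.h are present under $1,
# non-zero (with a hint on stderr) otherwise.
check_openldap_prefix() {
    prefix=$1
    status=0
    if [ ! -f "$prefix/include/ldap.h" ]; then
        echo "no $prefix/include/ldap.h (config dir given instead of install prefix?)" >&2
        status=1
    fi
    if ! ls "$prefix"/lib/libldap.* >/dev/null 2>&1; then
        echo "no libldap.* under $prefix/lib" >&2
        status=1
    fi
    return $status
}

# After 'kadmin -l init REALM', a KDC built without the LDAP backend treats a
# database name such as 'ldap:ou=kerberos,dc=rpi,dc=edu' as a plain filename
# and drops .dir/.pag/.log/.lock files into the working directory.
# Returns 0 if such files exist under $1, i.e. the ldap: prefix was NOT honoured.
ldap_backend_fell_back_to_files() {
    dir=$1
    ls "$dir"/ldap:* >/dev/null 2>&1
}

# The ldapi socket must exist as a socket and be writable by the user that
# kadmind and the KDC run as. Returns 0 if $1 is usable by the current user.
ldapi_socket_usable() {
    sock=$1
    [ -S "$sock" ] && [ -w "$sock" ]
}

# Usage (paths from the thread, adjust to taste):
#   check_openldap_prefix /var/ldap && echo "prefix looks right"
#   ldap_backend_fell_back_to_files . && echo "ldap: backend not compiled in"
#   ldapi_socket_usable /var/ldap/var/run/ldapi && echo "socket reachable"
```

If check_openldap_prefix fails for /var/ldap/etc/openldap but succeeds for /var/ldap, the configure line in the quoted message was pointing at the config directory rather than the install prefix, which matches Geza's suggestion; rebuild with the corrected prefix and rerun the second check in the KDC's working directory to confirm no new ldap:* files appear.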