
Re: ldap <--> heimdal again



> 	I use:
>
> /etc/rc.conf:
> # LDAP
> slapd_enable="YES"
> slapd_flags='-d 255 -h "ldapi:/// ldap:/// ldaps:///"'
> slapd_sockets="/var/run/openldap/ldapi"

yeah! :-)
there's a guy running FreeBSD as well and he is going to help me!

... hmm, so, slapd is listening on the /var/run/openldap/ldapi socket ?
that is the default socket and I checked, before I changed the rc.conf options to
/var/lib/ldapi, my installation of slapd was definitely listening on it!

>>> collection.
>>>
>>> 1) how can I specify path to the socket openldap is listening on ?
>
> 	In /etc/rc.conf ( FreeBSD box )

the question was "how does heimdal recognize where to look for that socket 
?"

>>> It seems that is's expecting /var/heimdal/kdc.conf, where can I find
>>> information on configuring that file ?
>
> 	I configured the kdc in /etc/krb5.conf
>
> [kdc]
>    database = {
>        realm = UNICAMP.BR
>        dbname = ldap:ou=kerberos,dc=yyyy,dc=xx
>        mkey_file = /xxxx/heimdal/m-key
>        acl_file = /xxxx/heimdal/kdc.acl
>        log_file = /xxxx/heimdal/db.log
>    }

pretty much looks like my configuration!

but it doesn't say anything about /var/run/openldap/ldapi ... so, how
does heimdal know where to find the socket ?

also, I attached kdc.log (krb5kdc.log in my case), heimdal complains
that the file could not be found. Is it ok with your config ?

>
>
>>>
>>> 3) It seems that heimdal cannot find ldap configuration. What did I do
>>> wrong ?
>
> 	You can create link to /etc/ldap.conf
>
> 	ln -s /usr/local/etc/openldap/ldap.conf /etc/ldap.conf

so, heimdal also requires /etc/ldap.conf ?

hmm, why doesn't it complain that it cannot find such a file then ?

>
>>>
>>> 4) when I tried to initialize database
>
> 	Include the follow acl for installation
>
> 	access to *
>        by sockurl="ldapi:///" write

yes, that is already done. thanks.

>
>>>
>>> sol# kadmin -l
>>> kadmin> init CHEL.SKBKONTUR.RU
>>> Realm max ticket life [unlimited]:
>>> Realm max renewable ticket life [unlimited]:
>>> kadmin: kadm5_create_principal: ldap_add_s: Can't contact LDAP server
>>> sol#
>>>
>>> it seems there are errors, but how can I make it more verbose ?
>>> I see nothing strange in logs, so I've no idea what did I do wrong.
>>> Somebody, please, enlight me, how can I turn on debugging ?
>>>
>>> Cheers,
>>> Ilia Chipitsine
>>>
>
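The question above (how a client that only says ldapi:/// ends up at the right socket) turns on one detail of ldapi URLs: a bare "ldapi:///" carries no path and means libldap's compiled-in default socket, whereas a specific socket is named by percent-encoding its path into the URL, so every "/" becomes "%2F". The helpers below are an added example, not code from the thread or from Heimdal or OpenLDAP; they build and parse such URLs and check whether the socket file from the quoted rc.conf actually exists. The socket path /var/run/openldap/ldapi is the one quoted above; the /nonexistent path used in the usage note is a constructed negative case. Later Heimdal releases let the KDC's LDAP URL be set with hdb-ldap-url in the [kdc] section; whether the version in this thread supports that is not something the thread says, so treat it as an assumption to check against your own kdc.conf manual page.

```shell
# Added example (not from the thread): express a slapd Unix socket as an
# ldapi:// URL, recover the path from such a URL, and check the socket.

# Percent-encode a Unix socket path into an ldapi URL.
# ldapi_url_for_socket /var/run/openldap/ldapi
#   -> ldapi://%2Fvar%2Frun%2Fopenldap%2Fldapi/
ldapi_url_for_socket() {
    printf 'ldapi://%s/\n' "$(printf '%s' "$1" | sed 's,/,%2F,g')"
}

# Inverse of the above: recover the socket path from an ldapi URL.
# An empty result means the URL was the bare "ldapi:///" (default socket).
ldapi_socket_from_url() {
    printf '%s\n' "$1" | sed -e 's,^ldapi://,,' -e 's,/$,,' -e 's,%2F,/,g'
}

# Return 0 if PATH exists and is a Unix-domain socket, 1 otherwise, with a
# one-line diagnosis so the failure mode is visible (missing file vs. a
# regular file left behind at that path).
check_ldapi_socket() {
    sock=$1
    if [ -S "$sock" ]; then
        echo "ok: $sock is a Unix-domain socket"
        return 0
    elif [ -e "$sock" ]; then
        echo "error: $sock exists but is not a socket"
        return 1
    else
        echo "error: $sock does not exist (is slapd running with that slapd_sockets path?)"
        return 1
    fi
}
```

Once check_ldapi_socket reports the socket present, the encoded URL is what to hand to a client that must reach exactly that socket rather than the compiled-in default, for instance a manual bind test with `ldapsearch -H "$(ldapi_url_for_socket /var/run/openldap/ldapi)" -Y EXTERNAL -b "" -s base`; that is the same connection path the quoted `by sockurl="ldapi:///" write` ACL is meant to authorize, so a "Can't contact LDAP server" from kadmin with the socket present points at the URL the KDC uses, not at slapd itself.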