Re: ldap <--> heimdal again
On Mon, Mar 14, 2005 at 06:05:28PM +0500, Ilia Chipitsine wrote:
> > I use:
> >
> >/etc/rc.conf:
> ># LDAP
> >slapd_enable="YES"
> >slapd_flags='-d 255 -h "ldapi:/// ldap:/// ldaps:///"'
> >slapd_sockets="/var/run/openldap/ldapi"
>
> yeah! :-)
> there's a guy running FreeBSD as well and he is going to help me!
>
> ... hmm, so, slapd is listening on the /var/run/openldap/ldapi socket ?
> that is the default socket and I checked, before I changed rc.conf options to
> /var/lib/ldapi, my installation of slapd was definitely listening on it!
>
> >>>collection.
> >>>
> >>>1) how can I specify path to the socket openldap is listening on ?
> >
> > In /etc/rc.conf ( FreeBSD box )
>
> the question was "how does heimdal recognize where to look for that socket
> ?"
Hardcoded in
/usr/ports/security/heimdal/work/heimdal-0.6.3/lib/hdb/hdb-ldap.c
rc = ldap_initialize((LDAP **) & db->db, "ldapi:///");
>
> >>>It seems that it's expecting /var/heimdal/kdc.conf, where can I find
> >>>information on configuring that file ?
> >
> > I configured the kdc in /etc/krb5.conf
> >
> >[kdc]
> > database = {
> > realm = UNICAMP.BR
> > dbname = ldap:ou=kerberos,dc=yyyy,dc=xx
> > mkey_file = /xxxx/heimdal/m-key
> > acl_file = /xxxx/heimdal/kdc.acl
> > log_file = /xxxx/heimdal/db.log
> > }
>
> pretty much looks like my configuration!
>
> but it doesn't say anything about /var/run/openldap/ldapi ... so, how
> does heimdal know where to find the socket ?
Hardcoded
>
> also, I attached kdc.log (krb5kdc.log in my case), heimdal complains
> that the file could not be found. Is it ok with your config ?
Yes
I think! :-)
kdc-database-log_file is /xxxx/heimdal/db.log and
kdc-messages-log is SYSLOG
[logging]
kdc = SYSLOG
admin_server = SYSLOG
default = SYSLOG
See http://www.opentechnet.com/auth-howto/ which is a good read
>
> >
> >
> >>>
> >>>3) It seems that heimdal cannot find ldap configuration. What did I do
> >>>wrong ?
> >
> > You can create link to /etc/ldap.conf
> >
> > ln -s /usr/local/etc/openldap/ldap.conf /etc/ldap.conf
>
> so, heimdal also requires /etc/ldap.conf ?
>
> hmm, why doesn't it complain that it cannot find such a file then ?
I don't know
>
> >
> >>>
> >>>4) when I tried to initialize database
> >
> > Include the follow acl for installation
> >
> > access to *
> > by sockurl="ldapi:///" write
>
> yes, that is already done. thanks.
>
> >
> >>>
> >>>sol# kadmin -l
> >>>kadmin> init CHEL.SKBKONTUR.RU
> >>>Realm max ticket life [unlimited]:
> >>>Realm max renewable ticket life [unlimited]:
> >>>kadmin: kadm5_create_principal: ldap_add_s: Can't contact LDAP server
> >>>sol#
> >>>
> >>>it seems there are errors, but how can I make it more verbose ?
> >>>I see nothing strange in logs, so I've no idea what did I do wrong.
> >>>Somebody, please, enlighten me, how can I turn on debugging ?
> >>>
> >>>Cheers,
> >>>Ilia Chipitsine
> >>>
> >
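Added as a worked example, not code from this thread or from Heimdal or OpenLDAP: a small POSIX sh script that resolves an ldapi URL to the Unix socket it names and then tests that socket the way an LDAP client would. It rests on one assumption, that an empty host part, as in the hardcoded `ldapi:///`, means "the socket path the client library was compiled with"; since that path cannot be read off the URL, it is passed in as the second argument. The `/var/run/openldap/ldapi` default used below comes from the rc.conf lines quoted above, and the `check_ldapi` and `ldapi_socket_path` names are mine.

```shell
#!/bin/sh
# Added example (not from the thread). Resolve an ldapi URL to a socket path
# and probe it. Assumption: "ldapi:///" (empty host) means the socket path the
# LDAP client library was built with, supplied here as the second argument.

# Percent-decode one string: the host part of an ldapi URL is a socket path
# with every '/' written as %2F.
urldecode() {
    printf '%s\n' "$1" | awk '
    BEGIN { hex = "0123456789abcdef" }
    {
        out = ""; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "%" && i + 2 <= n) {
                h = tolower(substr($0, i + 1, 2))
                a = index(hex, substr(h, 1, 1)); b = index(hex, substr(h, 2, 1))
                if (a && b) {
                    out = out sprintf("%c", (a - 1) * 16 + (b - 1)); i += 2
                    continue
                }
            }
            out = out c
        }
        print out
    }'
}

# ldapi_socket_path URL DEFAULT_PATH
# Prints the socket path the URL refers to; returns 1 for non-ldapi URLs.
ldapi_socket_path() {
    case $1 in
        ldapi://*) ;;
        *) return 1 ;;
    esac
    host=${1#ldapi://}
    host=${host%%/*}          # drop the DN part, if any
    if [ -z "$host" ]; then
        printf '%s\n' "$2"    # ldapi:/// -> compiled-in default path
    else
        urldecode "$host"
    fi
}

# check_ldapi URL DEFAULT_PATH
# Returns 2 for a non-ldapi URL, 1 if nothing listens on the resolved path,
# otherwise the exit status of an anonymous bind over the socket.
check_ldapi() {
    sock=$(ldapi_socket_path "$1" "$2") || { echo "not an ldapi URL: $1" >&2; return 2; }
    if [ ! -S "$sock" ]; then
        echo "no socket at $sock: slapd is not listening where this URL points" >&2
        return 1
    fi
    # connect() on a Unix socket needs write permission on the socket file, so
    # these modes are the whole access control behind an ACL such as
    #   access to * by sockurl="ldapi:///" write
    ls -ld "$(dirname "$sock")" "$sock"
    if command -v ldapwhoami >/dev/null 2>&1; then
        # anonymous simple bind over the socket; "Can't contact LDAP server"
        # here reproduces the kadmin failure without involving heimdal
        ldapwhoami -x -H "$1"
    fi
}

# Usage: sh <this script> URL [DEFAULT_PATH]
if [ $# -gt 0 ]; then
    check_ldapi "$1" "${2:-/var/run/openldap/ldapi}"
fi
```

Run it with the URL Heimdal uses (`ldapi:///`) and the socket path slapd actually listens on; if `ldapi_socket_path` resolves to a path that has no socket, the client library's compiled-in default and the `slapd_flags`/`slapd_sockets` values in rc.conf disagree, which is exactly what produces "Can't contact LDAP server" from `kadmin -l`. The `ls -ld` output matters for the ACL quoted above: `by sockurl="ldapi:///" write` grants write to every connection over that socket, anonymous ones included, so any local user who can write to the socket file can edit the KDC database.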