
Re: Trouble with ldap backend..



On Wed 17 May 2006 02:00, jay alvarez wrote:
> Hi,
>
> I already have a working heimdal with ldap backend..
> However, I have some confusions..
>
> First, when I run kadmin -l and do some things like
> removing a principal, there is a log file created in
> the current working directory that looks like this:
>
> ldap:ou=krb5accounts,o=example,dc=com.log

This log file is used for replication.

>
> in my krb5.conf...
>
> [logging]
>         kdc = FILE:/var/heimdal/logs/krb5kdc.log
>         admin_server = FILE:/var/heimdal/logs/kadmin.log
>         kdc = SYSLOG
>         admin_server = SYSLOG
>         default = SYSLOG
>
> -------------------
> [kdc]
>         database = {
>         acl_file = /var/heimdal/kadmind.acl
>         mkey_file = /var/heimdal/m-key
>         dbname  = ldap:ou=krb5accounts,o=example,dc=com

Seems that if log_file inside database{} is not specified, the default is to 
use the database name plus the ".log" suffix. This gives the weird filename 
you saw, because the database name is not a file, but an LDAP "name". The 
same behaviour happens with the acl_file (I sent a patch to this list a while 
ago to better describe this in the krb5.conf manpage).

> Second problem..
> I tried reinstalling openldap and heimdal in another
> machine.. create a dn(ou=krb5accounts) where my
> principals will be stored under, copied the same
> config files(slapd.conf, krb5.conf etc. with some
> modifications) from the old machine, then run the
> slapd with ldapi:///...
>
> and then run kstash...
> kadmin -l
> then init our realm...
> tried adding a principal... and it worked.
>
> However when I tried ldapsearch my directory,
> ou=krb5accounts contains nothing.. On the same
> directory where I run kadmin, now I can see another
> file aside from the logfile.
>
> The same filename but ending in .db:
> ldap:ou=krb5accounts,o=example,dc=com.db
>
> I tried deleting it(.db) and issued a "list *", and
> then it says opening database: dbopen
> (ldap:ou=krb5accounts,o=example,dc=com): No such file
> or directory..
>
> How can this be... heimdal didn't actually store my
> principals in my ldap directory, but instead in that
> db file.

Are you sure this heimdal on the other server was built with ldap support?
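As an added example (not from this thread, and not Heimdal's own sample configuration), here is a [kdc] database block that sets log_file and acl_file explicitly, so neither one defaults to a name derived from the LDAP dbname as described in the reply above. The paths and the realm are assumptions; the dbname is the one from the original message.

```ini
; Added example, not from the original thread. Paths below are assumed.
[kdc]
        database = {
                dbname    = ldap:ou=krb5accounts,o=example,dc=com
                mkey_file = /var/heimdal/m-key
                ; Set acl_file explicitly; per the reply above, an unset
                ; acl_file is also derived from the database name.
                acl_file  = /var/heimdal/kadmind.acl
                ; Set log_file explicitly; otherwise the default is
                ; dbname + ".log", which for an LDAP backend yields a file
                ; called "ldap:ou=krb5accounts,o=example,dc=com.log" in
                ; the current working directory of kadmin.
                log_file  = /var/heimdal/log
        }
```

After restarting kdc and kadmind, a quick check is that a kadmin -l change now appends to /var/heimdal/log and no "ldap:..." files appear in the working directory.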