
Re: OpenLDAP/Heimdal integration questions (sorry if OT)




    I have patched the sources to do subtree searches, and it seems to be working flawlessly. The command "list *" in kadmin lists all the principals found in the entire subtree, and I have been able to successfully kinit using an entry located in a sub level.

    Best regards

Jose Gonzalez Gomez wrote:

    About the subtree scope... I have taken a look at hdb-ldap.c (Heimdal 0.6.2), and it seems the one level scope is hard wired in two points: line 588, in LDAP__lookup_princ, and line 934 in LDAP_firstkey. I will change them to see what I get, but I'm just curious... is everybody maintaining a flat directory even with a lot of entries? Does this have any advantage over organizing your directory using ou's? Maybe I'm missing something?

    Best regards

Jose Gonzalez Gomez wrote:

    Hi there,

    I'm working on the integration of Heimdal and OpenLDAP, and I have some doubts:
  • Heimdal seems to be searching its entries in just one level of the LDAP tree, but I would like to have the entries organized in several levels. Is this configurable/hard wired? Am I doing anything wrong?
  • Heimdal and OpenLDAP communicate using a unix socket (ldapi://). The location of the socket is configurable in OpenLDAP, but can you configure this location in Heimdal, or is the /var/lib/ldapi location hard wired?
  • I have succeeded in initializing a KDC database and adding some entries using the administration tool in Heimdal. I have noticed that Heimdal creates several binary values under the krb5Key attribute. I'm able to create these entries with ldapadd or using a graphical LDAP client except for the krb5Key values. Is there any easy way of creating these values without using the Heimdal administration tool? Until now what I have done is to create the entry and then set (change) the password using the Heimdal administration tool.
    Sorry if this is a bit off topic, but you seem to have a very good knowledge about these issues, and this list seems more active than the heimdal list.

    Thanks in advance, best regards
    Jose