Hello.
I am also confused as hell.
I have installed MIT kerberos and ripped it out again.
I have installed Heimdal and ripped it out again.
repeat, rinse...
I now have heimdal in. I believe I have a working and
usable ldap server - just no clue on what to put it in
to make anything work. I believe I also have a working
ssl/sasl config etc... but I can only sometimes get it to
work and then without changing anything, it will stop working.
Basically, it seems to me like there are 3 or 4 different programs each
with their own idea of how things should work.. and making one work
seems to break another.
I have a solaris 8 box... with multiple IPs on a single interface device.
This seems to cause no end of confusion as the error messages
are little more than "error" or "invalid data" ... NEVER, and I repeat,
NOT ONCE EVER have ANY of the programs ever stated just what is
invalid or what does not match. You know, something like "Gee,
your cert is signed to host blah.domain, but you are running against
foo.domain" or "attempting to use auth 'blah' but 'blah" is not
found in database/configfile [food]"
A web server can run hosting multiple domains - what about an
ldap server? Is there a "bind" type config directive? Right now,
I have to change my hostname, launch ldap and then change my hostname
back. It also now seems that after a while, the service just stops working.
No real errors or reason why.
... nevermind the fact that I can't even find a single example of how to set up
ldap for solaris to actually have solaris work (everything is out of date,
or doesn't work). still.
I have now spent 3 weeks straight on this. everyday.
Scott
-----Original Message-----
From: Tony Earnshaw [mailto:tonni@billy.demon.nl]
Sent: Monday, April 21, 2003 10:58 AM
To: Howard Chu
Cc: walter+openldap@efrei.fr; openldap-software@OpenLDAP.org
Subject: RE: ldap in heterogenous environment
søn, 20.04.2003 kl. 16.36 skrev Howard Chu:
> This has been discussed here before. The solution that we recommend is to use
> Heimdal with PADL's hdb-ldap backend and Symas' patches. (Not all of the
> patches were present in Heimdal 0.5.2 so it seems you still have to apply
> some by hand.) This approach gives the tightest integration, putting the
> Kerberos user database in LDAP itself.
I'm now totally confused. At the last count, I seem to remember reading
(without going back to it) that you said that Heimdal had bugs that made
it more or less useless and that one should use MIT Kerberos. Previously
I'd heard that MIT Kerberos was totally useless and that Heimdal was the
solution.
Could someone please elucidate?
Tony
--
Tony Earnshaw
Do not come to visit me with both arms the same length.
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
This mail message originated outside Commerzbank via the Internet. As a result, the sender's address is not verifiable.
**********************************************************************
This communication is confidential and is intended only for the person to whom it is addressed. If you are not that person you are not permitted to make use of the information and you are requested to notify Commerzbank Aktiengesellschaft, New York Branch immediately that you have received it and then to destroy the copy in your possession. Views expressed in this e-mail do not necessarily reflect the views of Commerzbank AG.
**********************************************************************