[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Possible incorrect setup in slapd.conf with relation to Kerberos config.

The Shell wrote:


Pardon me if this makes so Simple to you. I m new in this terminology.
What is ou=People or ou=Ethers defined in the slapd.conf ?
I m just afraid there is corresponding setup in my enviornment so my test fail.
I suspect the followin setting is not consistent or may be not consistent to the available Principals in my Kerberos server,
but I get confused, so hopefully you can give advise to try a different config.

Here is partial config of the slapd.conf file:
sasl-realm      XYZ.COM
sasl-host       kerberos.xyz.com


Sorry, a typing mistake, it should be: sasl-regexp uid=(.*),cn=xyz.com,cn=gssapi,cn=auth uid=$1,ou=People,dc=xyz,dc=com

Here is a list of Principals in my Kerberos server: (Heimdal Kerberos 5)
root@fbsd [1:03pm] [...etc/openldap]# ktutil list

Vno Type Principal 1 des-cbc-crc host/kerberos.xyz.com@XYZ.COM
1 des-cbc-md4 host/kerberos.xyz.com@XYZ.COM
1 des-cbc-md5 host/kerberos.xyz.com@XYZ.COM
1 des3-cbc-sha1 host/kerberos.xyz.com@XYZ.COM
1 des-cbc-crc host/fbsd.xyz.com@XYZ.COM 1 des-cbc-md4 host/fbsd.xyz.com@XYZ.COM 1 des-cbc-md5 host/fbsd.xyz.com@XYZ.COM 1 des3-cbc-sha1 host/fbsd.xyz.com@XYZ.COM 1 des-cbc-crc ldap/dev.xyz.com@XYZ.COM 1 des-cbc-md4 ldap/dev.xyz.com@XYZ.COM 1 des-cbc-md5 ldap/dev.xyz.com@XYZ.COM 1 des3-cbc-sha1 ldap/dev.xyz.com@XYZ.COM 1 des-cbc-crc ldap/localhost.xyz.com@XYZ.COM
1 des-cbc-md4 ldap/localhost.xyz.com@XYZ.COM
1 des-cbc-md5 ldap/localhost.xyz.com@XYZ.COM
1 des3-cbc-sha1 ldap/localhost.xyz.com@XYZ.COM

All of the above principles are refered to one Kerberos server.

In user Manager:
Manager@fbsd [1:06pm] [~]> klist
Credentials cache: FILE:/tmp/krb5cc_1002
      Principal: Manager@XYZ.COM

Issued Expires Principal Jun 6 11:48:25 Jun 6 21:48:25 krbtgt/XYZ.COM@XYZ.COM Jun 6 11:49:04 Jun 6 21:48:25 ldap/localhost.xyz.com@XYZ.COM

Thanks for the help Sam