[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Possible incorrect setup in slapd.conf with relation to Kerberos config.

At 10:34 PM 6/5/2004, The Shell wrote:
>The Shell wrote:
>>Pardon me if this makes so Simple to you. I m new in this terminology.
>>What is ou=People or ou=Ethers defined in the slapd.conf ?
>>I m just afraid there is corresponding setup in my enviornment so my test fail.
>>I suspect the followin setting is not consistent or may be not consistent to the available Principals in my Kerberos server,
>>but I get confused, so hopefully you can give advise to try a different config.
>>Here is partial config of the slapd.conf file:
>>sasl-realm      XYZ.COM
>>sasl-host       kerberos.xyz.com
>>       uid=Manager,cn=xyz.com,cn=gssapi,cn=auth
>>       uid=Manager,dc=xyz,dc=com
>>       uid=(.*),cn=authtec.com,cn=gssapi,cn=auth
>>       uid=$1,ou=People,dc=authtec,dc=com
>Sorry, a typing mistake, it should be:
>      uid=(.*),cn=xyz.com,cn=gssapi,cn=auth
>      uid=$1,ou=People,dc=xyz,dc=com
>>Here is a list of Principals in my Kerberos server: (Heimdal Kerberos 5)
>>root@fbsd [1:03pm] [...etc/openldap]# ktutil list
>>Vno  Type           Principal                           1  
>>des-cbc-crc    host/kerberos.xyz.com@XYZ.COM
>>1  des-cbc-md4    host/kerberos.xyz.com@XYZ.COM
>>1  des-cbc-md5    host/kerberos.xyz.com@XYZ.COM
>>1  des3-cbc-sha1  host/kerberos.xyz.com@XYZ.COM
>>1  des-cbc-crc    host/fbsd.xyz.com@XYZ.COM   1  des-cbc-md4    
>>host/fbsd.xyz.com@XYZ.COM    1  des-cbc-md5    
>>host/fbsd.xyz.com@XYZ.COM   1  des3-cbc-sha1  
>>host/fbsd.xyz.com@XYZ.COM    1  des-cbc-crc    
>>ldap/dev.xyz.com@XYZ.COM    1  des-cbc-md4    
>>ldap/dev.xyz.com@XYZ.COM   1  des-cbc-md5    
>>ldap/dev.xyz.com@XYZ.COM   1  des3-cbc-sha1  
>>ldap/dev.xyz.com@XYZ.COM    1  des-cbc-crc    
>>1  des-cbc-md4    ldap/localhost.xyz.com@XYZ.COM
>>1  des-cbc-md5    ldap/localhost.xyz.com@XYZ.COM
>>1  des3-cbc-sha1  ldap/localhost.xyz.com@XYZ.COM

no ldap/kerberos.xyz.com@XYZ.COM?

>>All of the above principles are refered to one Kerberos server.
>>In user Manager:
>>Manager@fbsd [1:06pm] [~]> klist
>>Credentials cache: FILE:/tmp/krb5cc_1002
>>      Principal: Manager@XYZ.COM
>>Issued           Expires          Principal                          
>>Jun  6 11:48:25  Jun  6 21:48:25  krbtgt/XYZ.COM@XYZ.COM       Jun  6 11:49:04  Jun  6 21:48:25  ldap/localhost.xyz.com@XYZ.COM