Re: Possible incorrect setup in slapd.conf with relation to Kerberos config.
At 10:34 PM 6/5/2004, The Shell wrote:
>The Shell wrote:
>>Hi,
>>Pardon me if this makes so Simple to you. I'm new in this terminology.
>>What is ou=People or ou=Ethers defined in the slapd.conf?
>>I'm just afraid there is corresponding setup in my environment so my test fails.
>>I suspect the following setting is not consistent or may be not consistent to the available Principals in my Kerberos server,
>>but I get confused, so hopefully you can give advice to try a different config.
>>
>>Here is partial config of the slapd.conf file:
>>sasl-realm XYZ.COM
>>sasl-host kerberos.xyz.com
>>sasl-regexp
>> uid=Manager,cn=xyz.com,cn=gssapi,cn=auth
>> uid=Manager,dc=xyz,dc=com
>
>
>>sasl-regexp
>> uid=(.*),cn=authtec.com,cn=gssapi,cn=auth
>> uid=$1,ou=People,dc=authtec,dc=com
>
>Sorry, a typing mistake, it should be:
>sasl-regexp
> uid=(.*),cn=xyz.com,cn=gssapi,cn=auth
> uid=$1,ou=People,dc=xyz,dc=com
>
>>
>>
>>Here is a list of Principals in my Kerberos server: (Heimdal Kerberos 5)
>>root@fbsd [1:03pm] [...etc/openldap]# ktutil list
>>FILE:/etc/krb5.keytab:
>>
>>Vno  Type           Principal
>>1    des-cbc-crc    host/kerberos.xyz.com@XYZ.COM
>>1    des-cbc-md4    host/kerberos.xyz.com@XYZ.COM
>>1    des-cbc-md5    host/kerberos.xyz.com@XYZ.COM
>>1    des3-cbc-sha1  host/kerberos.xyz.com@XYZ.COM
>>1    des-cbc-crc    host/fbsd.xyz.com@XYZ.COM
>>1    des-cbc-md4    host/fbsd.xyz.com@XYZ.COM
>>1    des-cbc-md5    host/fbsd.xyz.com@XYZ.COM
>>1    des3-cbc-sha1  host/fbsd.xyz.com@XYZ.COM
>>1    des-cbc-crc    ldap/dev.xyz.com@XYZ.COM
>>1    des-cbc-md4    ldap/dev.xyz.com@XYZ.COM
>>1    des-cbc-md5    ldap/dev.xyz.com@XYZ.COM
>>1    des3-cbc-sha1  ldap/dev.xyz.com@XYZ.COM
>>1    des-cbc-crc    ldap/localhost.xyz.com@XYZ.COM
>>1    des-cbc-md4    ldap/localhost.xyz.com@XYZ.COM
>>1    des-cbc-md5    ldap/localhost.xyz.com@XYZ.COM
>>1    des3-cbc-sha1  ldap/localhost.xyz.com@XYZ.COM
no ldap/kerberos.xyz.com@XYZ.COM?
>>All of the above principals are referred to one Kerberos server.
>>
>>In user Manager:
>>Manager@fbsd [1:06pm] [~]> klist
>>Credentials cache: FILE:/tmp/krb5cc_1002
>> Principal: Manager@XYZ.COM
>>
>>Issued Expires Principal
>>Jun 6 11:48:25 Jun 6 21:48:25 krbtgt/XYZ.COM@XYZ.COM
>>Jun 6 11:49:04 Jun 6 21:48:25 ldap/localhost.xyz.com@XYZ.COM
ldap/localhost.xyz.com@XYZ.COM?
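
The two questions in the reply compare principal names against the quoted configuration. As an added example (not part of the original messages), this sketch derives the service principal from `sasl-host` and `sasl-realm`, checks it against the keytab and ticket cache, and applies the `sasl-regexp` rules to show where `ou=People` comes in. Assumptions: the `ldap/<sasl-host>@<sasl-realm>` naming, Python's `re` standing in for slapd's regex matching, and the function names, which are hypothetical.

```python
import re

# Constructed inputs: values copied from the slapd.conf, ktutil and klist output quoted in the thread.
SLAPD_CONF = """sasl-realm XYZ.COM
sasl-host kerberos.xyz.com
sasl-regexp
  uid=Manager,cn=xyz.com,cn=gssapi,cn=auth
  uid=Manager,dc=xyz,dc=com
sasl-regexp
  uid=(.*),cn=xyz.com,cn=gssapi,cn=auth
  uid=$1,ou=People,dc=xyz,dc=com
"""
KEYTAB = {"host/kerberos.xyz.com@XYZ.COM", "host/fbsd.xyz.com@XYZ.COM",
          "ldap/dev.xyz.com@XYZ.COM", "ldap/localhost.xyz.com@XYZ.COM"}
TICKETS = {"krbtgt/XYZ.COM@XYZ.COM", "ldap/localhost.xyz.com@XYZ.COM"}

def parse_conf(text):
    """Fold indented continuation lines, then collect the directives."""
    conf = {"sasl-regexp": []}
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():
        parts = line.split()
        if parts and parts[0] == "sasl-regexp":
            conf["sasl-regexp"].append((parts[1], parts[2]))
        elif parts:
            conf[parts[0]] = parts[1]
    return conf

def service_principal(conf):  # assumed naming: ldap/<sasl-host>@<sasl-realm>
    return "ldap/{}@{}".format(conf["sasl-host"], conf["sasl-realm"])

def check_principals(conf, keytab, tickets):
    """Return findings where the keytab or ticket cache disagree with slapd.conf."""
    want, findings = service_principal(conf), []
    if want not in keytab:
        findings.append("keytab has no key for " + want)
    held = sorted(t for t in tickets if t.startswith("ldap/"))
    if want not in held:
        findings.append("client holds {} instead of {}".format(", ".join(held) or "no ldap ticket", want))
    return findings

def map_authn_dn(conf, authn_dn):
    """Apply the first matching sasl-regexp rule; None means no rule matched."""
    for pattern, replacement in conf["sasl-regexp"]:
        m = re.search(pattern, authn_dn, re.IGNORECASE)  # approximation of slapd's matching
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None

if __name__ == "__main__":
    print(check_principals(parse_conf(SLAPD_CONF), KEYTAB, TICKETS))
```

The DN returned by `map_authn_dn` must exist as an entry in the directory, so `ou=People` is simply the container under `dc=xyz,dc=com` where the mapped user entries are expected to live.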