[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL Headaches

To: Karsten Gorling <kgorling@physik.tu-berlin.de>
Subject: Re: ACL Headaches
From: Howard Chu <hyc@symas.com>
Date: Thu, 22 Sep 2005 16:54:37 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20050922232143.GF7394@gargantubrain>
References: <007B03728472A54799C578AADB0A018B282F099C@CINMLVEM04.e2k.ad.ge.com> <20050922232143.GF7394@gargantubrain>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050921 SeaMonkey/1.1a

Karsten Gorling wrote:

* Bennett, Silas (GE Infrastructure) <Silas.Bennett@ge.com> [050922 16:03]:
Hi All,
I am trying to set up openLDAP with Kerberos5 for authentication. I found and followed the _excellent_ howto by Turbo Fredriksson at http://www.bayour.com/LDAPv3-HOWTO.html and almost every thing is working. I can browse, search, & modify the LDAP database using:
On a other notice: I just put my eyes on the above mentioned HOWTO. As far as I read, it is suggested to compile cyrus-sasl und the OpenLDAP-Daemon against the MIT-Kerberos-Libs. This is, to my knowledge, very errorprone, since the MIT-Kerberos-Libs are not thread safe. You are much better of, using Heimdal instead.

That page is full of errors. The page's author has no clear understanding of how Kerberos, SASL, and OpenLDAP fit together. I have posted corrections so many times I've lost count, and no longer bother trying.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

References:
- ACL Headaches
  - From: "Bennett, Silas \(GE Infrastructure\)" <Silas.Bennett@ge.com>
- Re: ACL Headaches
  - From: Karsten Gorling <kgorling@physik.tu-berlin.de>

Prev by Date: RE: ACL Headaches
Next by Date: Re: OpenLDAP Server configuration for controls and extends HOWTO
Index(es):
- Chronological
- Thread