[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Handling slapd.d in OpenLDAP and Kerberos
Jaap Winius wrote:
Quoting "sarathkrishna89@gmail.com"<sarathkrishna89@gmail.com>:
For authenticating via OpenLDAP, the principles needs to be rewritten (using
authz-policy and authz-regexp). We know how to do
that in older version of OpenLDAP which had (slapd.conf) but don't know how
to do the same in new OpenLDAP which has slapd.d directory instead.
The manuals also doesn't say anything on this issue.
The switch from slapd.conf to cn=config takes a little getting used
to, plus the migration script may not work for you, but in the end I
produced a set of procedures that should tell you most of what you
want to know:
* Integrated Kerberos-OpenLDAP provider on Debian squeeze
http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php
* Integrated Kerberos-OpenLDAP consumer on Debian squeeze
http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-consumer.php
True, I didn't use Ubuntu in these examples, but I would not be
surprised if the procedures were almost identical, certainly with
cn=config.
If you read
http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html
You could simplify your ACL changes in 7.1.1.x.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {2}
olcAccess: {1}
olcAccess: {0}
-
Similarly in 7.1.2.x you don't need to specify the prefixes when you're adding
rules in order.
Cheers,
Jaap
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/