Re: Possible incorrect setup in slapd.conf with relation to Kerberos config.
The Shell wrote:
Hi,
Pardon me if this seems too simple to you. I'm new to this terminology.
What is ou=People or ou=Ethers defined in the slapd.conf?
I'm just afraid there is no corresponding setup in my environment, so my
test fails.
I suspect the following setting is not consistent, or maybe not
consistent with the available principals in my Kerberos server,
but I get confused, so hopefully you can advise me to try a
different config.
Here is a partial config of the slapd.conf file:
sasl-realm XYZ.COM
sasl-host kerberos.xyz.com
sasl-regexp
    uid=Manager,cn=xyz.com,cn=gssapi,cn=auth
    uid=Manager,dc=xyz,dc=com
sasl-regexp
    uid=(.*),cn=authtec.com,cn=gssapi,cn=auth
    uid=$1,ou=People,dc=authtec,dc=com
Sorry, a typing mistake, it should be:
sasl-regexp
    uid=(.*),cn=xyz.com,cn=gssapi,cn=auth
    uid=$1,ou=People,dc=xyz,dc=com
Here is a list of Principals in my Kerberos server: (Heimdal Kerberos 5)
root@fbsd [1:03pm] [...etc/openldap]# ktutil list
FILE:/etc/krb5.keytab:
Vno  Type           Principal
  1  des-cbc-crc    host/kerberos.xyz.com@XYZ.COM
  1  des-cbc-md4    host/kerberos.xyz.com@XYZ.COM
  1  des-cbc-md5    host/kerberos.xyz.com@XYZ.COM
  1  des3-cbc-sha1  host/kerberos.xyz.com@XYZ.COM
  1  des-cbc-crc    host/fbsd.xyz.com@XYZ.COM
  1  des-cbc-md4    host/fbsd.xyz.com@XYZ.COM
  1  des-cbc-md5    host/fbsd.xyz.com@XYZ.COM
  1  des3-cbc-sha1  host/fbsd.xyz.com@XYZ.COM
  1  des-cbc-crc    ldap/dev.xyz.com@XYZ.COM
  1  des-cbc-md4    ldap/dev.xyz.com@XYZ.COM
  1  des-cbc-md5    ldap/dev.xyz.com@XYZ.COM
  1  des3-cbc-sha1  ldap/dev.xyz.com@XYZ.COM
  1  des-cbc-crc    ldap/localhost.xyz.com@XYZ.COM
  1  des-cbc-md4    ldap/localhost.xyz.com@XYZ.COM
  1  des-cbc-md5    ldap/localhost.xyz.com@XYZ.COM
  1  des3-cbc-sha1  ldap/localhost.xyz.com@XYZ.COM
All of the above principals refer to one Kerberos server.
As user Manager:
Manager@fbsd [1:06pm] [~]> klist
Credentials cache: FILE:/tmp/krb5cc_1002
Principal: Manager@XYZ.COM
  Issued           Expires          Principal
Jun  6 11:48:25  Jun  6 21:48:25  krbtgt/XYZ.COM@XYZ.COM
Jun  6 11:49:04  Jun  6 21:48:25  ldap/localhost.xyz.com@XYZ.COM
Thanks for the help
Sam
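Added example, not part of the thread and not OpenLDAP code: a small simulation of how slapd applies the sasl-regexp rules quoted above to the cn=auth identity it forms from a GSSAPI principal, plus a parser for the ktutil listing that reports which ldap/ service keys the keytab holds. The assumptions are labelled in the comments: rules are tried in slapd.conf order with the first match winning, matching is case-insensitive and unanchored (regexec(3)-style), and $N in the replacement is capture group N. The rule order matters: if the generic uid=(.*) rule came first, Manager would be mapped under ou=People instead of to the rootdn-style entry, which the code demonstrates.

```python
import re

# Simulation of slapd's sasl-regexp mapping (assumptions, not OpenLDAP's code):
# rules are tried in order, first match wins; matching is case-insensitive and,
# like regexec(3), unanchored unless the pattern anchors itself; "$N" in the
# replacement refers to capture group N.

# The corrected rules from the post, in slapd.conf order.
SASL_REGEXP_RULES = [
    (r"uid=Manager,cn=xyz.com,cn=gssapi,cn=auth", "uid=Manager,dc=xyz,dc=com"),
    (r"uid=(.*),cn=xyz.com,cn=gssapi,cn=auth", "uid=$1,ou=People,dc=xyz,dc=com"),
]


def gssapi_authz_id(principal):
    """Authentication identity slapd forms for a GSSAPI bind:
    uid=<user>,cn=<realm>,cn=gssapi,cn=auth. The realm is lowercased here;
    matching below is case-insensitive, so the case does not matter."""
    user, realm = principal.split("@", 1)
    return f"uid={user},cn={realm.lower()},cn=gssapi,cn=auth"


def map_authz_id(authz_id, rules=SASL_REGEXP_RULES):
    """Return the DN produced by the first matching rule, or None when no rule
    matches (slapd then keeps the unmapped cn=auth identity)."""
    for pattern, replacement in rules:
        m = re.search(pattern, authz_id, re.IGNORECASE)
        if m:
            # Expand $1, $2, ... from the match's capture groups.
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), replacement)
    return None


# Keytab listing reflowed from the post (constructed input for the parser).
KTUTIL_OUTPUT = """FILE:/etc/krb5.keytab:
Vno  Type           Principal
  1  des-cbc-crc    host/kerberos.xyz.com@XYZ.COM
  1  des-cbc-md4    host/kerberos.xyz.com@XYZ.COM
  1  des-cbc-md5    host/kerberos.xyz.com@XYZ.COM
  1  des3-cbc-sha1  host/kerberos.xyz.com@XYZ.COM
  1  des-cbc-crc    host/fbsd.xyz.com@XYZ.COM
  1  des-cbc-md4    host/fbsd.xyz.com@XYZ.COM
  1  des-cbc-md5    host/fbsd.xyz.com@XYZ.COM
  1  des3-cbc-sha1  host/fbsd.xyz.com@XYZ.COM
  1  des-cbc-crc    ldap/dev.xyz.com@XYZ.COM
  1  des-cbc-md4    ldap/dev.xyz.com@XYZ.COM
  1  des-cbc-md5    ldap/dev.xyz.com@XYZ.COM
  1  des3-cbc-sha1  ldap/dev.xyz.com@XYZ.COM
  1  des-cbc-crc    ldap/localhost.xyz.com@XYZ.COM
  1  des-cbc-md4    ldap/localhost.xyz.com@XYZ.COM
  1  des-cbc-md5    ldap/localhost.xyz.com@XYZ.COM
  1  des3-cbc-sha1  ldap/localhost.xyz.com@XYZ.COM
"""

# One keytab entry: key version, encryption type, principal.
KEYTAB_LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s*$")


def keytab_principals(listing):
    """Parse ktutil's table into {principal: {enctypes}}; the header line is
    skipped because its first column is not numeric."""
    found = {}
    for line in listing.splitlines():
        m = KEYTAB_LINE.match(line)
        if m:
            found.setdefault(m.group(3), set()).add(m.group(2))
    return found


def has_service_key(listing, service, host, realm):
    """True when the keytab holds a key for service/host@REALM."""
    return f"{service}/{host}@{realm}" in keytab_principals(listing)


if __name__ == "__main__":
    for p in ("Manager@XYZ.COM", "sam@XYZ.COM", "sam@OTHER.ORG"):
        print(p, "->", map_authz_id(gssapi_authz_id(p)))
    print("ldap/ keys:", sorted(k for k in keytab_principals(KTUTIL_OUTPUT) if k.startswith("ldap/")))
    print("ldap/kerberos.xyz.com present:", has_service_key(KTUTIL_OUTPUT, "ldap", "kerberos.xyz.com", "XYZ.COM"))
```

Against the listing in the post, the parser finds ldap/ keys only for dev.xyz.com and localhost.xyz.com; the name a client actually connects to determines which ldap/<host> ticket it requests (the Manager klist above shows ldap/localhost.xyz.com), so comparing that name, the sasl-host value and the keytab's ldap/ entries is a quick consistency check before looking at the regexp mapping.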