I have patched the sources to do subtree searches, and it seems to
be working flawlessly. The command "list *" in kadmin lists all the
principals found in the entire subtree, and I have been able to
successfully kinit using an entry located in a sub level.
Best regards
Jose Gonzalez Gomez wrote:
About the subtree scope... I have taken a look at hdb-ldap.c
(Heimdal 0.6.2), and it seems the one level scope is hard wired in two
points: line 588, in LDAP__lookup_princ, and line 934 in LDAP_firstkey.
I will change them to see what I get, but I'm just curious... is
everybody maintaining a flat directory even with a lot of entries? Does
this have any advantage over organizing your directory using ou's?
Maybe I'm missing something?
Best regards
Jose Gonzalez Gomez wrote:
Hi there,
I'm working on the integration of Heimdal and OpenLDAP, and I have
some doubts:
- Heimdal seems to be searching its entries in just one level of
the LDAP tree, but I would like to have the entries organized in
several levels. Is this configurable/hard wired? Am I doing anything
wrong?
- Heimdal and OpenLDAP communicate using a unix socket (ldapi://).
The location of the socket is configurable in OpenLDAP, but can you
configure this location in Heimdal, or is the /var/lib/ldapi location
hard wired?
- I have succeeded in initializing a KDC database and adding some
entries using the administration tool in Heimdal. I have noticed that
Heimdal creates several binary values under the krb5Key attribute. I'm
able to create these entries with ldapadd or using a graphical LDAP
client except for the krb5Key values. Is there any easy way of creating
these values without using the Heimdal administration tool? Until now
what I have done is to create the entry and then set (change) the
password using the Heimdal administration tool.
Sorry if this is a bit off topic, but you seem to have a very good
knowledge about these issues, and this list seems more active than the
heimdal list.
Thanks in advance, best regards
Jose