[30634] in Kerberos
Re: ldap backend issues
daemon@ATHENA.MIT.EDU (Michael Ströder)
Fri Jan 16 09:04:45 2009
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 16 Jan 2009 14:33:21 +0100
Message-ID: <2ue646-ff2.ln1@nb2.stroeder.com>
In-Reply-To: <mailman.25.1232097632.4529.kerberos@mit.edu>
To: kerberos@mit.edu

Thomas Mueller wrote:
> First, the online documentation** says to create new ACLs ending with
> "by * none". This disabled the access for all except the two kerberos
> users. After reading man slapd.access it may be better read "by * break"
> to let slapd evaluate the next access statements?

I'd suggest examining ACL issues by setting an appropriate log level
and clarify what you find in the logs on the openldap-software mailing list.

> Second, I've configured the openldap like the sample krb5.conf file in
> chapter 3.3.11. Although I've written the kdc and adm dn the kdc-server
> and admin-server don't start without supplying "-x host=ldapi://<path> -x
> binddn=cn=kdc-service,dc=test". Is /etc/krb5.conf the right place? Don't
> I have to write some ldap config to /etc/krb5kdc/kdc.conf? "man kdc.conf"
> doesn't reveal anything about "ldap".

I also had some problems. But you should really try to collect some
Kerberos error messages and post them here. Also posting your krb5.conf
and kdc.conf would help.

> *slapd 2.4.11,

You should use 2.4.13. Many issues have been fixed. I can't tell whether
the fixes are relevant to your setup though.

Ciao, Michael.