[29825] in Kerberos
Reusing existing people-entries for the LDAP-backend
daemon@ATHENA.MIT.EDU (Martin Schuster)
Wed May 14 10:42:45 2008
From: Martin Schuster <Martin.Schuster1@infineon.com>
Date: Wed, 14 May 2008 10:58:31 +0200
Message-ID: <g0e9jn$q3r$1@athen03.muc.infineon.com>
To: kerberos@mit.edu

Using the two documents that I linked in
<g0e35v$h19$1@athen03.muc.infineon.com> today,

http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend
http://blogs.sun.com/wfiveash/entry/the_rough_guide_to_configuring

I managed to get Kerberos to store its database in LDAP.

Only issue that I've encountered:
I want to reuse the existing entries in our ou=people tree, and in order to
do so I can of course use

    kdb5_ldap_util [...] modify -subtrees 'ou=people,[...]'

to get Kerberos to look for the krbPrincipalName in that tree.

But if I now add a principal by first setting the krbPrincipalName
of the user in ou=people, and then issuing

    kadmin.local -q 'addprinc joeuser'

the additional attributes (e.g. krbPrincipalKey) are still stored in
the Kerberos container tree.

I tried to use ou=people as container tree by issuing

    kdb5_ldap_util [...] modify -containerref 'ou=people,[...]'

but then addprinc complains:

    add_principal: Principal or policy already exists while creating
    "joeuser@[...].COM".

Is there a way to get all data into the people-tree?

I'm not too afraid to hack around in plugins/kdb/ldap/ if necessary,
but would be glad if you could give me some hints what I'd need
to do there :)

tia,
-- 
Infineon Technologies IT-Services GmbH   Martin.Schuster1@infineon.com
Lakeside B05, 9020 Klagenfurt, Austria   Martin Schuster
         FB: LG Klagenfurt, FN 246787y   +43 5 1777 3517
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos