From owner-freebsd-questions@FreeBSD.ORG Tue May 31 12:00:16 2005
Message-ID: <429C51CA.3060900@ng.fadesa.es>
Date: Tue, 31 May 2005 14:00:10 +0200
From: fandino
Reply-To: fandino@ng.fadesa.es
To: questions@freebsd.org
Subject: kadmin (heimdal port) ignores the ldap backend

Hello,

I'm testing a new configuration with heimdal and the ldap backend, but
kadmin is completely ignoring the ldap directive in the dbname definition.

The last cvsup of the ports was yesterday, and LDAP was defined in the
heimdal port config:

root@damocles:/usr/ports/security/heimdal# make showconfig
===> The following configuration options are set for heimdal-0.6.3_2:
     LDAP=on "Use OpenLDAP as the KDC backend"
     CRACKLIB=on "Use CrackLib for password quality checking"
     X11=on "Build X11 utilies

and indeed it's linked with ldap, as you can see:

# ldd /usr/local/sbin/kadmin
/usr/local/sbin/kadmin:
        ....
        libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2812c000)
        liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x2818a000)
        ....

When the realm is initialized, kadmin creates a couple of files with the
literal dbname definition (adding ldap: as filename prefix) instead of
contacting the openldap server.

# /usr/local/sbin/kadmin -l
kadmin> init OLIMPUS
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:

# ls -l
...
-rw-------  1 root  wheel  32768 May 31 10:19 ldap:ou=gods,dc=olimpus.db
-rw-------  1 root  wheel   7584 May 31 10:19 ldap:ou=gods,dc=olimpus.log
...

Does anyone know what I'm missing?

Thank you.

/---------/

# cat /etc/krb5.conf
[libdefaults]
        default_realm = OLIMPUS
        default_etypes_des = des3-cbc-sha1
        default_etypes = des3-cbc-sha1

[appdefaults]

[realms]
        OLIMPUS = {
                kdc = localhost.olimpus
                admin_server = localhost.olimpus
        }

[domain_realm]
        .olimpus = OLIMPUS

[kdc]
        database = {
                realm = OLIMPUS
                dbname = ldap:ou=gods,dc=olimpus
                mkey_file = /var/heimdal/m-key
        }

[logging]
        kdc = SYSLOG
        admin_server = SYSLOG
        default = SYSLOG
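
A check for the symptom shown in the listing above, added here as an example and not part of the original message or of the heimdal port: it reads the dbname values from the [kdc] section of a krb5.conf and reports any ldap: value that exists as a literal .db or .log file. The function names are hypothetical, and the directory to inspect is an assumption passed in by the caller, since the post does not say where ls was run.

```shell
#!/bin/sh
# Added example: detect an "ldap:" dbname that was treated as a file name.

# Print every dbname value found in the [kdc] section of the given krb5.conf.
kdc_dbnames() {
    awk '
        /^[ \t]*\[/ { in_kdc = ($0 ~ /^[ \t]*\[kdc\]/); next }
        in_kdc && /^[ \t]*dbname[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop "dbname =", keep later "=" signs
            sub(/[ \t]+$/, "")
            print
        }
    ' "$1"
}

# Print the path of each file in DIR named after an ldap: dbname from CONF.
# Usage: ldap_fallback_files DIR CONF
ldap_fallback_files() {
    dir=$1
    conf=$2
    kdc_dbnames "$conf" | while IFS= read -r name; do
        case $name in
            ldap:*)
                for ext in db log; do
                    if [ -f "$dir/$name.$ext" ]; then
                        printf '%s\n' "$dir/$name.$ext"
                    fi
                done
                ;;
        esac
    done
    return 0
}

# Constructed demo: a scratch directory that reproduces the listing in the post.
demo() {
    d=$(mktemp -d)
    printf '[kdc]\n  database = {\n    realm = OLIMPUS\n' > "$d/krb5.conf"
    printf '    dbname = ldap:ou=gods,dc=olimpus\n  }\n' >> "$d/krb5.conf"
    printf '[logging]\n  kdc = SYSLOG\n' >> "$d/krb5.conf"
    : > "$d/ldap:ou=gods,dc=olimpus.db"
    : > "$d/ldap:ou=gods,dc=olimpus.log"
    ldap_fallback_files "$d" "$d/krb5.conf"
    rm -rf "$d"
}

demo
```

Any path it prints means the ldap: string was used as a local database file name, as in the ls output above.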