directory-dev mailing list archives

From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: [Kerberos] Kerberos + OpenLDAP
Date Wed, 28 Feb 2007 02:34:11 GMT

On 2/27/07, Mark Wilcox <mark.wilcox@gmail.com> wrote:
> I have a quick question. Did you use the example Kerberos entries that
> come with ApacheDS or are there example entries posted elsewhere?
>
> I didn't see them on the Wiki docs.

No, I haven't posted them yet.  This is pretty alpha, which is why I
put them in the sandbox.  I'm not sure which example Kerberos entries
you're referring to, but IIRC the example we ship has entries for
similar services, like krbtgt, changepw, and ssh.  Below is a quick
entry for an LDAP server.  You need an LDAP service principal, krbtgt
entry, and at least one user principal to make this work.  The key
thing is the format of the LDAP service principal name:

Use 'ldap' for LDAP:
krb5PrincipalName: ldap/www.example.com@EXAMPLE.COM

Similar entries will work for other services, e.g. use 'HTTP' for web servers.

dn: uid=hostldap,ou=users,dc=example,dc=com
ou: users
uid: hostldap
cn: LDAP Service
givenname: LDAP
sn: Service
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: krb5Principal
objectclass: krb5KDCEntry
krb5PrincipalName: ldap/www.example.com@EXAMPLE.COM
krb5KeyVersionNumber: 1
userpassword: randall

HTH,

Enrique
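
The requirement stated in the message above (an LDAP service principal in the `ldap/host@REALM` form, a krbtgt entry, and at least one user principal), as an added example that is not part of the original post or of ApacheDS: a pre-import check over an LDIF file. The function names, the `uid=krbtgt` and `uid=alice` entries, and the restriction to plain, unfolded LDIF lines are assumptions made for illustration.

```python
import re

# Constructed sample: the service principal from the message plus hypothetical
# krbtgt and user entries (only the attributes this check reads).
SAMPLE_LDIF = """\
dn: uid=hostldap,ou=users,dc=example,dc=com
krb5PrincipalName: ldap/www.example.com@EXAMPLE.COM

dn: uid=krbtgt,ou=users,dc=example,dc=com
krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM

dn: uid=alice,ou=users,dc=example,dc=com
krb5PrincipalName: alice@EXAMPLE.COM
"""

# primary[/instance]@REALM
PRINCIPAL = re.compile(r"^([^/@\s]+)(?:/([^/@\s]+))?@([^/@\s]+)$")


def principal_names(ldif):
    """Return every krb5PrincipalName value (assumes plain, unfolded LDIF lines)."""
    names = []
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "krb5principalname":
            names.append(value.strip())
    return names


def check_principals(ldif, realm, ldap_host):
    """Return (missing, rejected) for the three principals the message requires."""
    found = {"ldap service": False, "krbtgt": False, "user": False}
    rejected = []
    for name in principal_names(ldif):
        m = PRINCIPAL.match(name)
        if not m or m.group(3) != realm:
            rejected.append(name)  # malformed, or belongs to another realm
            continue
        primary, instance = m.group(1), m.group(2)
        # Principal names are case-sensitive: 'LDAP/host' does not match 'ldap/host'.
        if primary == "ldap" and instance == ldap_host:
            found["ldap service"] = True
        elif primary == "krbtgt" and instance == realm:
            found["krbtgt"] = True
        elif instance is None:
            found["user"] = True
    return [k for k, ok in found.items() if not ok], rejected


if __name__ == "__main__":
    print(check_principals(SAMPLE_LDIF, "EXAMPLE.COM", "www.example.com"))
```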
