directory-users mailing list archives

From "Michael Decker" <Michael.Dec...@mobilexag.de>
Subject AW: [ApacheDS] How to setup as kerberos server
Date Fri, 05 Sep 2008 09:31:31 GMT
	Hello,

I tried to use ApacheDS 1.0.2 for the Kerberos service now.
Trying to use this documentation:
http://directory.apache.org/apacheds/1.0/kerberos-protocol-configuration.html
The after part does not work:
	--- SNIP ---
ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on org.apache.directory.server.Service.init(InstallationLayout,
String[])
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kdcConfiguration'
defined in URL [file:/C:/Programme/apacheds-1.0.2/conf/server.xml]: Error setting property
values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid
property 'enabled' of bean class [org.apache.directory.server.kerberos.kdc.KdcConfiguration]:
Bean property 'enabled' is not writable or has an invalid setter method: Does the parameter
type of the setter match the return type of the getter?
org.springframework.beans.NotWritablePropertyException: Invalid property 'enabled' of bean
class [org.apache.directory.server.kerberos.kdc.KdcConfiguration]: Bean property 'enabled'
is not writable or has an invalid setter method: Does the parameter type of the setter match
the return type of the getter?
	--- SNAP ---

So I uncommented the two kdc lines in server.xml:
	--- SNIP ---
<beans>
  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
      <props>
        <prop key="java.naming.security.authentication">simple</prop>
        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
        <prop key="java.naming.security.credentials">secret</prop>
        <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
        <prop key="kdc.java.naming.security.credentials">secret</prop>
        <!--<prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>-->

	--- SNAP ---

And uncommented these lines for loading LDIF files on startup:
	--- SNIP ---
    <property name="ldifDirectory">
      <value>../ldif</value>
    </property>
    <property name="ldifFilters">
      <list>
        <bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
      </list>
    </property>
	--- SNAP ---

Using LDIF from http://thejavamonkey.blogspot.com/2008/07/using-apache-directory-server-as-kdc.html
With these additional lines:
	--- SNIP ---
# Users store
dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users
	--- SNAP ---

But no Kerberos is running.

I got all open ports with "netstat -a -n -b":
	--- SNIP ---
  Proto  Locale address         remote address          Status
  TCP    0.0.0.0:10389          0.0.0.0:0              ABHÖREN
  [apacheds.exe]
  TCP    127.0.0.1:30003        0.0.0.0:0              ABHÖREN
  [apacheds.exe]
  TCP    127.0.0.1:1075         127.0.0.1:1076         HERGESTELLT
  [apacheds.exe]
  TCP    127.0.0.1:1076         127.0.0.1:1075         HERGESTELLT
  [apacheds.exe]
  TCP    127.0.0.1:1083         127.0.0.1:1084         HERGESTELLT
  [apacheds.exe]
  TCP    127.0.0.1:1084         127.0.0.1:1083         HERGESTELLT
  [apacheds.exe]
	--- SNAP ---

30003 is the shutdown port according to http://mail-archives.apache.org/mod_mbox/directory-commits/200601.mbox/%3C20060128224037.31340.qmail@minotaur.apache.org%3E
	--- SNIP ---
shutdownPort = AvailablePortFinder.getNextAvailable( 30003 );
	--- SNAP ---

10389 is the LDAP port.

Any idea?

With regards,
	Michael Decker
--
Michael Decker

mobileX AG          Tel.: 089 / 54 24 33 - 14
Rottmannstr. 11     Fax:  089 / 54 24 33 - 55
80333 München       Web:  http://www.mobilexag.de 

Court of registration:   Amtsgericht München
Commercial register no.: HRB 134850
Executive board:         Hannes Heckner
Supervisory board chair: Karl-Heinz Horrer
 

-----Original Message-----
From: Michael Decker 
Sent: Wednesday, 3 September 2008 15:31
To: users@directory.apache.org
Subject: [ApacheDS] How to setup as kerberos server

	Hello,

I want to develop an application using Kerberos for SSO.

So I thought it would be nice to use ApacheDS for this job, because it's a smaller system
and could be versioned by SVN.

This howto draft is out of date:
http://cwiki.apache.org/DIRxSBOX/draft-apacheds-kerberos-principal-configuration.html

What do I have to configure instead of these lines?
	--- SNIP ---
<bean id="kdcConfiguration" class="org.apache.directory.server.kerberos.kdc.KdcConfiguration">
  <!-- Whether to enable the Kerberos protocol.                           -->
  <property name="enabled" value="true" />
  <!-- The port to run the Kerberos protocol on.                          -->
  <property name="ipPort" value="88" />
</bean>
	--- SNAP ---
<bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
  <property name="name" value="keyDerivationService" />
  <property name="interceptor">
    <bean class="org.apache.directory.server.core.kerberos.KeyDerivationService" />
  </property>
</bean>
	--- SNIP ---

Thanks a lot.

With regards,
	Michael Decker
--
Michael Decker

mobileX AG          Tel.: 089 / 54 24 33 - 14
Rottmannstr. 11     Fax:  089 / 54 24 33 - 55
80333 München       Web:  http://www.mobilexag.de 

Court of registration:   Amtsgericht München
Commercial register no.: HRB 134850
Executive board:         Hannes Heckner
Supervisory board chair: Karl-Heinz Horrer
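
Added example, not part of the original message or of ApacheDS: a small parser for a `netstat -a -n -b` listing like the one above that pairs each bound socket with its owning process and reports whether the expected service ports (10389 for LDAP, 88 from the `ipPort` property) are actually bound. The sample listing is constructed from the lines in the message, the function names are illustrative, and UDP rows are handled because Kerberos commonly runs over UDP as well as TCP.

```python
import re

# Constructed sample modelled on the `netstat -a -n -b` listing in the message
# (German-localized Windows: ABHÖREN = LISTENING, HERGESTELLT = ESTABLISHED).
# Function and constant names below are illustrative, not from any library.
SAMPLE = """\
 TCP    0.0.0.0:10389          0.0.0.0:0              ABHÖREN
 [apacheds.exe]
 TCP    127.0.0.1:30003        0.0.0.0:0              ABHÖREN
 [apacheds.exe]
 TCP    127.0.0.1:1075         127.0.0.1:1076         HERGESTELLT
 [apacheds.exe]
"""

LISTEN_STATES = {"LISTENING", "ABHÖREN"}
SOCKET = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_listeners(text):
    """Return (proto, local_addr, port, process) for every bound server socket."""
    listeners, pending = [], None
    for line in text.splitlines():
        m = SOCKET.match(line)
        if m:
            proto, addr, port, _remote, state = m.groups()
            # UDP rows carry no state column; a bound UDP socket counts as listening.
            is_listener = proto == "UDP" or state in LISTEN_STATES
            pending = (proto, addr, int(port)) if is_listener else None
            continue
        m = OWNER.match(line)
        if m and pending:
            listeners.append(pending + (m.group(1),))
            pending = None
    return listeners


def missing_ports(text, expected, process):
    """Ports from `expected` that `process` has not bound on any protocol."""
    bound = {port for _, _, port, proc in parse_listeners(text) if proc == process}
    return sorted(set(expected) - bound)


if __name__ == "__main__":
    for row in parse_listeners(SAMPLE):
        print(row)
    print("not bound:", missing_ports(SAMPLE, {10389, 88}, "apacheds.exe"))
```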
 


