Date:      Wed, 01 Jun 2005 15:02:44 +0400
From:      Boris Samorodov <bsam@ipt.ru>
To:        fandino@ng.fadesa.es
Cc:        freebsd-ports@freebsd.org
Subject:   Re: kadmin (heimdal port) ignores the ldap backend
Message-ID:  <29469499@srv.sem.ipt.ru>
In-Reply-To: <429D8B3B.50203@ng.fadesa.es> (fandino@ng.fadesa.es's message of "Wed, 01 Jun 2005 12:17:31 +0200")
References:  <429D8B3B.50203@ng.fadesa.es>

On Wed, 01 Jun 2005 12:17:31 +0200 fandino wrote:

> Hello,

>   I'm testing a new configuration with heimdal and the ldap backend
> but kadmin is completely ignoring the ldap directive in the dbname
> definition.

> Last cvsup of the ports was yesterday and LDAP was defined in
> the heimdal port config:

> root@damocles:/usr/ports/security/heimdal# make showconfig
> ===> The following configuration options are set for heimdal-0.6.3_2:
>       LDAP=on "Use OpenLDAP as the KDC backend"
>       CRACKLIB=on "Use CrackLib for password quality checking"
>       X11=on "Build X11 utilies

> and indeed it's linked with ldap as you can see:

> # ldd /usr/local/sbin/kadmin
> /usr/local/sbin/kadmin:
>      ....
>          libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x2812c000)
>          liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x2818a000)
>      ....

> When the realm is initialized kadmin creates a couple of files with the literal
> dbname definition (adding ldap: as filename prefix) instead of contacting
> the openldap server.

> # /usr/local/sbin/kadmin -l
> kadmin> init OLIMPUS
> Realm max ticket life [unlimited]:
> Realm max renewable ticket life [unlimited]:
> # ls -l
> ...
> -rw-------  1 root  wheel  32768 May 31 10:19 ldap:ou=gods,dc=olimpus.db
> -rw-------  1 root  wheel   7584 May 31 10:19 ldap:ou=gods,dc=olimpus.log
> ...

> Does anyone know what I'm missing?

What version of FreeBSD do you have? 5.4-RELEASE has heimdal 0.6.3 in
the base system.

Do you build FreeBSD with Kerberos support? There may be system
libraries located earlier in LDD_PATH which kadmin uses. Try ktrace
and kdump to see which libraries are used at run-time.


WBR
-- 
bsam
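
The run-time check suggested in the reply above (ktrace, then kdump, to see which libraries kadmin really loads), as an added example that is not part of the original message. The trace lines are constructed in kdump's CALL/NAMI/RET layout, and the PID, library names and version numbers in them are assumptions.

```shell
#!/bin/sh
# Constructed sample of kdump output for a traced kadmin process.
sample_trace() {
    cat <<'EOF'
 52310 kadmin   CALL  open(0x2807a2c0,0,0)
 52310 kadmin   NAMI  "/usr/lib/libhdb.so.7"
 52310 kadmin   RET   open 3
 52310 kadmin   CALL  open(0x2807a300,0,0)
 52310 kadmin   NAMI  "/usr/lib/libldap-2.2.so.7"
 52310 kadmin   RET   open -1 errno 2 No such file or directory
 52310 kadmin   CALL  open(0x2807a340,0,0)
 52310 kadmin   NAMI  "/usr/local/lib/libldap-2.2.so.7"
 52310 kadmin   RET   open 4
 52310 kadmin   CALL  open(0x2807a380,0,0)
 52310 kadmin   NAMI  "/usr/local/lib/libkrb5.so.17"
 52310 kadmin   RET   open 5
 52310 kadmin   CALL  open(0x2807a3c0,0,0)
 52310 kadmin   NAMI  "/etc/krb5.conf"
 52310 kadmin   RET   open 6
EOF
}

# Read kdump text on stdin; print "<origin> <path>" for each shared
# library whose open() succeeded. A NAMI line alone is only a lookup
# attempt, so it is paired with the RET line that follows it.
opened_libs() {
    awk '
        $3 == "NAMI" { path = $4; gsub(/"/, "", path); next }
        $3 == "RET" && $4 == "open" && $5 >= 0 && path ~ /\.so(\.[0-9]+)*$/ {
            origin = (path ~ /^\/usr\/local\//) ? "ports" : "base"
            if (!seen[path]++) print origin, path
        }
        $3 == "RET" { path = "" }
    '
}

# Heimdal libraries that were loaded from outside /usr/local, i.e.
# candidates for a base-system copy being used by the ports binary.
base_heimdal_libs() {
    opened_libs | awk '$1 == "base" &&
        $2 ~ /\/lib(hdb|kadm5srv|kadm5clnt|krb5|asn1|roken)\.so/ { print $2 }'
}

sample_trace | opened_libs
```

On a live system the same functions take real input: `ktrace -f kadmin.trace /usr/local/sbin/kadmin -l`, then `kdump -f kadmin.trace | base_heimdal_libs`.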


