Date: Wed, 01 Jun 2005 22:20:27 +0400
From: Boris Samorodov <bsam@ipt.ru>
To: fandino@ng.fadesa.es
Cc: freebsd-stable@FreeBSD.org, freebsd-ports@FreeBSD.org
Subject: Re: kadmin (heimdal port) ignores the ldap backend
Message-ID: <09783236@srv.sem.ipt.ru>
In-Reply-To: <429DE188.5020908@ng.fadesa.es> (fandino@ng.fadesa.es's message of "Wed, 01 Jun 2005 18:25:44 +0200")
References: <429D8B3B.50203@ng.fadesa.es> <29469499@srv.sem.ipt.ru> <429DE188.5020908@ng.fadesa.es>

On Wed, 01 Jun 2005 18:25:44 +0200 fandino wrote:
> Boris Samorodov wrote:
> > On Wed, 01 Jun 2005 12:17:31 +0200 fandino wrote:

> >> I'm testing a new configuration with heimdal and the ldap backend
> >>but kadmin is completely ignoring the ldap directive in the dbname
> >>definition.
> ...
> >>when the realm is initialized kadmin creates a couple of files with the literal
> >>dbname definition (adding ldap: as filename prefix) instead of contacting
> >>the openldap server.
> >
> >># /usr/local/sbin/kadmin -l
> >>kadmin> init OLIMPUS
> >>Realm max ticket life [unlimited]:
> >>Realm max renewable ticket life [unlimited]:
> >># ls -l
> >>...
> >>-rw------- 1 root wheel 32768 May 31 10:19 ldap:ou=gods,dc=olimpus.db
> >>-rw------- 1 root wheel 7584 May 31 10:19 ldap:ou=gods,dc=olimpus.log
> >>...
> >>anyone knows what I'm missing?

> > What version of FreeBSD do you have? 5.4-RELEASE has heimdal 0.6.3
> > at
> > the base system.

> I'm using 5.4-RELEASE.

> > Do you build FreeBSD with Kerberos support? There may be system

> Yes, it was built with Kerberos(0.6.3) and the heimdal port

Aha, thus you install system libraries to /usr/lib etc...

> (0.6.3) was also installed in order to get ldap support for

...and those libraries from the port install to /usr/local/lib...

> kerberos without getting messed with the system kerberos.

...and finally get it messed.

> > libraries located earlier in LDD_PATH which kadmin uses. Try ktrace
> > and kdump to see which libraries are used at run-time.

> you have found something interesting, this strace[1] shows us
> that /usr/local/sbin/kadmin (the port kadmin binary) is using
> "/usr/local/lib/libkadm5clnt.so.6" and "/usr/lib/libkadm5srv.so.7"

> could libkadm5srv be the culprit (now I haven't access to this box)?

I think this is the point.

> how I can force /usr/local/sbin/kadmin to use the port library
> and not the system library?

1. The main idea is to force search at /usr/local/lib before /usr/lib.
   a) you may set LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH at
      your system default profile; (but may be some other progs got to be
      malfunctioning);
   b) you may write script like:
--- kadmin.sh ---
#!/bin/sh
# search /usr/local/lib before the system library directories
LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH
# pass all command-line arguments through to kadmin
kadmin "$@"
-----------------
      Maybe it's a better solution.

2. Set HEIMDAL_HOME=/usr at /etc/make.conf. So the local_base for the
   port is /usr. But then you won't get installed some docs (and maybe
   some more files). (Hey, is port broken?) Yes, this will replace your
   system files. But there won't be a mess. ;-) And, yes, you'll have to
   reinstall the port after system upgrade.

Hence, all versions are rather more a hack than even a workaround, not
to say a solution.

I don't know any good solution. System files are installed to
/usr. Many programs use those libraries. One needs to install a version
from ports. Those libraries are installed to /usr/local. But then
one'll want to use ssh (linked to the system library) to authenticate
somebody via LDAP/Kerberos... Who can give us a good solution?

PS. CC:freebsd-stable@ seems to be the right thing.

WBR
-- 
bsam
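
A check for the mixed-library situation found in this thread, as an added example that is not part of the original message: the hypothetical helper `stray_libs` reads `ldd`-style output and lists libraries of a given family that resolve outside the expected directory. The sample output is constructed from the two library paths quoted above; the load addresses and the libc line are made up.

```shell
#!/bin/sh
# Added example (not from the original message).
# stray_libs DIR REGEX: read ldd-style output on stdin and print every
# library whose name matches REGEX but which resolved outside DIR.
# Exit status: 0 if every matching library comes from DIR, 1 otherwise.
stray_libs() {
    want_dir=$1
    family=$2
    awk -v dir="$want_dir" -v fam="$family" '
        $2 == "=>" && $1 ~ fam {
            path = $3
            sub("/[^/]*$", "", path)   # drop the file name, keep the directory
            if (path != dir) {
                print $1 " -> " $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the format ldd prints: "name => path (address)".
# Only the two libkadm5 paths come from the thread; the rest is invented.
sample_ldd() {
    cat <<'EOF'
/usr/local/sbin/kadmin:
    libkadm5clnt.so.6 => /usr/local/lib/libkadm5clnt.so.6 (0x2808a000)
    libkadm5srv.so.7 => /usr/lib/libkadm5srv.so.7 (0x28094000)
    libc.so.5 => /lib/libc.so.5 (0x28200000)
EOF
}

# The port binary should take its whole libkadm5 family from /usr/local/lib.
# Prints: libkadm5srv.so.7 -> /usr/lib/libkadm5srv.so.7
sample_ldd | stray_libs /usr/local/lib '^libkadm5' || true

# On a live system, feed real output instead of the sample:
#   ldd /usr/local/sbin/kadmin | stray_libs /usr/local/lib '^libkadm5'
```

Running the same check with and without the `LD_LIBRARY_PATH` wrapper from option 1b shows whether the wrapper actually changes which `libkadm5srv` is picked up.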