From: "O. Hartmann"
To: freebsd-current, freebsd-questions
Date: Thu, 30 Oct 2014 09:20:39 +0100
Subject: Heimdal with OpenLDAP backend: Cannot open /usr/lib/hdb_ldap.so
Organization: FU Berlin

On CURRENT (FreeBSD 11.0-CURRENT #0 r273810: Wed Oct 29 07:52:22 CET 2014 amd64) a running net/openldap24-sasl-server system is installed and running and is now about to be the database backend for Kerberos/Heimdal.
net/openldap24-sasl-server is at openldap-sasl-server-2.4.40. The database storage scheme of the LDAP backend is MDB, as it is highly recommended by the vendors of OpenLDAP.

Searching for suitable manuals, I found some HowTos describing how to set up MIT Kerberos V with an OpenLDAP backend and I started following the instructions there. Despite the fact that http://www.h5l.org/manual is dead(!) and no useful documentation or any kind of a hint where to find useful documentation for Heimdal can be found, many of the MIT Kerberos V setup instructions seem to be a dead end when using Heimdal on FreeBSD. Most of the links on that Heimdal site end up in ERROR 404!

Well, I think my objective isn't that exotic in a more advanced server environment and I think since FreeBSD is supposed to be used in advanced server environments this task should be well known - but little information/documentation is available.

Nevertheless, I use the base system's Heimdal implementation and I run into a very frustrating error when trying to run "kadmin -l":

    kadmin: error trying to load dynamic module /usr/lib/hdb_ldap.so: Cannot open "/usr/lib/hdb_ldap.so"

The setup for the stanza [kdc] is

    [...]
    [kdc]
        database = {
            dbname=ldap:ou=kerberos,dc=server,dc=gdr
            #hdb-ldap-structural-object = inetOrgPerson
            mkey_file = /var/heimdal/m-key
            acl_file = /var/heimdal/kadmind.acl
        }

instructions taken from http://www.padl.com/Research/Heimdal.html.

Well, it seems that FreeBSD ships with a crippled Heimdal implementation. Where is /usr/lib/hdb_ldap.so?

I've been toying around with this issue for several days now and it gets more and more frustrating, also with the perspective of having no running Samba 4.1 server for the Windows domain.

Can someone give me a hint where to find suitable FreeBSD docs for a task like this? I guess since FreeBSD is considered a server OS more than a desktop/toy OS, there must be a solution for this. FreeBSD ships with Heimdal in the base, but it seems this Heimdal is broken.

P.S. Please CC me.
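
A pre-flight check for the failure reported above, as an added example that is not part of the original message and is not Heimdal or FreeBSD code: it reads a kdc configuration, extracts the backend prefix of each active dbname entry, and lists the module files that are absent from the library directory. The function names are hypothetical, the `<libdir>/hdb_<prefix>.so` naming is an assumption inferred from the quoted kadmin error, and backends compiled into the HDB library itself need no module file, so a reported path matters only for backends that are loaded dynamically.

```shell
#!/bin/sh
# Added example: check that the HDB backend module named by a dbname
# entry exists before kadmin or the KDC is started.
# Assumption: "dbname = <prefix>:<rest>" makes Heimdal look for
# <libdir>/hdb_<prefix>.so, as the kadmin error in the message suggests.

# Print the backend prefix of every active (uncommented) dbname entry
# read from stdin, one per line, without duplicates. Entries that are
# plain paths (no "<prefix>:") are skipped.
hdb_prefixes() {
    sed -e 's/#.*//' |
    sed -n -e 's/^[[:space:]]*dbname[[:space:]]*=[[:space:]]*\([A-Za-z0-9_-]\{1,\}\):.*/\1/p' |
    sort -u
}

# Print the expected module path for each prefix whose module file is
# missing from the library directory given as $1. No output means that
# every referenced module file is present.
missing_hdb_modules() {
    libdir=$1
    hdb_prefixes | while read -r prefix; do
        module="$libdir/hdb_$prefix.so"
        [ -e "$module" ] || printf '%s\n' "$module"
    done
}

# Constructed sample modelled on the [kdc] stanza in the message; the
# commented-out sqlite line is added to show that comments are ignored.
sample_kdc_conf() {
    cat <<'EOF'
[kdc]
    database = {
        dbname=ldap:ou=kerberos,dc=server,dc=gdr
        #hdb-ldap-structural-object = inetOrgPerson
        # dbname = sqlite:/var/heimdal/old.sqlite
        mkey_file = /var/heimdal/m-key
        acl_file = /var/heimdal/kadmind.acl
    }
EOF
}

# Stand-alone run against the sample; HDB_LIBDIR defaults to /usr/lib.
sample_kdc_conf | missing_hdb_modules "${HDB_LIBDIR:-/usr/lib}"
```

To check a real host, feed its own configuration file to `missing_hdb_modules` on stdin in place of the sample.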