On 2/27/07, Mark Wilcox <[EMAIL PROTECTED]> wrote:
> I have a quick question. Did you use the example Kerberos entries that
> come with ApacheDS or are there example entries posted elsewhere?
> I didn't see them on the Wiki docs.

No, I haven't posted them yet. This is pretty alpha, which is why I
put them in the sandbox. I'm not sure which example Kerberos entries
you're referring to, but IIRC the example we ship has entries for
similar services, like krbtgt, changepw, and ssh. Below is a quick
entry for an LDAP server. You need an LDAP service principal, krbtgt
entry, and at least one user principal to make this work. The key
thing is the format of the LDAP service principal name:

Use 'ldap' for LDAP:

krb5PrincipalName: ldap/[EMAIL PROTECTED]

Similar entries will work for other services, e.g. use 'HTTP' for web servers.

dn: uid=hostldap,ou=users,dc=example,dc=com
ou: users
uid: hostldap
cn: LDAP Service
givenname: LDAP
sn: Service
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: krb5Principal
objectclass: krb5KDCEntry
krb5PrincipalName: ldap/[EMAIL PROTECTED]
krb5KeyVersionNumber: 1
userpassword: randall

HTH,
Enrique
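
The following is an added example, not part of the message above and not ApacheDS code: a Python check that an LDIF file contains the three principals the reply says are needed (krbtgt, an 'ldap' service principal, and at least one user) and that the service name is the lower-case 'ldap'. The host name, realm, uid=alice entry and function names are constructed for illustration, and krbtgt/REALM@REALM is assumed as the usual ticket-granting principal form.

```python
import re

# Constructed sample: host name and realm are placeholders, not values from the post.
SAMPLE_LDIF = """\
dn: uid=krbtgt,ou=users,dc=example,dc=com
krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM

dn: uid=hostldap,ou=users,dc=example,dc=com
krb5PrincipalName: ldap/ldap.example.com@EXAMPLE.COM

dn: uid=alice,ou=users,dc=example,dc=com
krb5PrincipalName: alice@EXAMPLE.COM
"""

# primary[/instance]@REALM
PRINCIPAL = re.compile(r"^([^/@]+)(?:/([^/@]+))?@([^/@]+)$")

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into attribute dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_principals(text):
    """Return a list of problems; an empty list means all three principal kinds exist."""
    problems, kinds = [], set()
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for name in entry.get("krb5principalname", []):
            m = PRINCIPAL.match(name)
            if not m:
                problems.append(f"{dn}: malformed principal {name!r}")
            elif m[1] == "krbtgt":
                kinds.add("krbtgt")
            elif m[2] is None:          # no /instance part: a user principal
                kinds.add("user")
            elif m[1] == "ldap":
                kinds.add("ldap service")
            elif m[1].lower() == "ldap":
                problems.append(f"{dn}: service name must be lower-case 'ldap'")
    for kind in sorted({"krbtgt", "ldap service", "user"} - kinds):
        problems.append(f"no {kind} principal found")
    return problems
```
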