A problem is described in the article: www.iem.pw.edu.pl/~wielebap/ldap/heimdal/heimdal_doc.pdf (It also contains instructions how to install kerberos with ldap backend.)

Now heimdal ldap backend uses ldapi:///. As it is not a full path to the socket, LDAP database is not accessible to kerberos. 'kadmin -l' will not have an access to the ldap database.

My environment:
heimdal-0.6.1
openldap-sasl-server-2.2.15

Fix: A default location for slapd socket is: /var/run/openldap/ldapi. Here is a patch for heimdal port:

% cat /usr/ports/security/heimdal/files/patch-hdb-ldap.c
- rc = ldap_initialize((LDAP **) & db->db, "ldapi:///"); + rc = ldap_initialize((LDAP **) & db->db, "ldapi://%2fvar%2frun%2fopenldap%2 fldapi/"); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_initialize: %s", ldap_err2string(rc )); return HDB_ERR_NOENTRY;

You can also download it from: www.iem.pw.edu.pl/~wielebap/ldap/heimdal/

If you're using heimdal from the base system sources, apply a patch to: /usr/src/crypto/heimdal/lib/hdb/hdb-ldap.c

--- lib/hdb/hdb-ldap.c.orig Thu Sep 18 22:49:09 2003 +++ lib/hdb/hdb-ldap.c Tue Sep 27 17:19:13 2004 @@ -984,7 +984,7 @@ return 0; }
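Review bot: the replacement line in the ldap_initialize() call hard-codes the socket location as "ldapi://%2fvar%2frun%2fopenldap%2 fldapi/", which only fits installations where slapd listens at /var/run/openldap/ldapi; consider taking the path from a build-time define or a configuration option so other layouts do not have to repatch the source. The URL as shown also has a space inside "%2 fldapi", which looks like mail line wrapping, so check that the applied file reads "%2fldapi". The unchanged context below it returns HDB_ERR_NOENTRY when ldap_initialize() fails, which reports a connection failure as a missing entry and makes this kind of misconfiguration harder to diagnose.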
Responsible Changed From-To: freebsd-ports-bugs->nectar Over to maintainer.
Responsible Changed From-To: nectar->freebsd-ports-bugs Reset assignee; nectar is away from FreeBSD work at the moment.
State Changed From-To: open->feedback Pawel, since this PR is quite old - can you check if the patch to the port is still actual?
This patch is not too old, but it should be modified. I don't test functionality, but it compiles w/o errors -- Best regards, Arseny Nasokin
State Changed From-To: feedback->open Feedback received.
Responsible Changed From-To: freebsd-ports-bugs->shaun Take; I'm the new heimdal maintainer.
State Changed From-To: open->closed I've updated the port, thanks! The path can be overridden when building the port by setting LDAP_SOCKET_PATH to the location of the socket.
shaun 2006-10-07 00:42:57 UTC

FreeBSD ports repository

Modified files:
security/heimdal Makefile
Added files:
security/heimdal/files extrapatch-lib_hdb_hdb-ldap.c
Log:
When using LDAP as a KDC back-end, allow users to override the hard-coded LDAP socket path. By default, we will use the path where OpenLDAP usually puts its socket.

PR: ports/72149
Submitted by: Pawel Wieleba <wielebap@iem.pw.edu.pl>

Revision Changes Path
1.78 +12 -0 ports/security/heimdal/Makefile
1.1 +11 -0 ports/security/heimdal/files/extrapatch-lib_hdb_hdb-ldap.c (new)
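The fix depends on the ldapi:// URL form in which the socket's absolute path is percent-encoded into the host part. The following is an added example, not code from the port or from Heimdal: a helper with the hypothetical name ldapi_url_from_path that builds such a URL from a configurable path instead of a hard-coded string, rejecting relative paths and undersized buffers.

```c
#include <stdio.h>
#include <string.h>

/* Characters that may appear unescaped (RFC 3986 "unreserved"). */
static int is_unreserved(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
}

/*
 * Write "ldapi://<percent-encoded socket path>/" into out.
 * Returns 0 on success, -1 if path is not absolute or out is too small.
 * (Hypothetical helper, not part of Heimdal or OpenLDAP.)
 */
int ldapi_url_from_path(const char *path, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    static const char scheme[] = "ldapi://";
    size_t n = sizeof(scheme) - 1;

    if (path == NULL || out == NULL || path[0] != '/' || outlen < n + 2)
        return -1;
    memcpy(out, scheme, n);
    for (const unsigned char *p = (const unsigned char *)path; *p; p++) {
        size_t need = is_unreserved(*p) ? 1 : 3;
        if (n + need + 2 > outlen)      /* keep room for trailing '/' and NUL */
            return -1;
        if (need == 1) {
            out[n++] = (char)*p;
        } else {                        /* '/' and anything else becomes %xx */
            out[n++] = '%';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 0x0f];
        }
    }
    out[n++] = '/';
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char url[256];
    /* Socket path from the report; in practice a build- or run-time setting. */
    if (ldapi_url_from_path("/var/run/openldap/ldapi", url, sizeof(url)) != 0)
        return 1;
    puts(url);
    return 0;
}
```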