[32751] in Kerberos

Re: list principals using ldap back end

daemon@ATHENA.MIT.EDU (Tom Parker)
Thu Sep 30 16:19:39 2010

Message-ID: <4CA4F0D7.6030904@cbnco.com>
Date: Thu, 30 Sep 2010 16:19:35 -0400
From: Tom Parker <tparker@cbnco.com>
MIME-Version: 1.0
To: Kevin Longfellow <klongfel@yahoo.com>
In-Reply-To: <352226.42178.qm@web53504.mail.re2.yahoo.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi Kevin,

One more thing I just thought of.

Check the value for sscope (Search Scope).  It should be in your 
Kerberos Realm Container as krbSearchScope.  If this is set to 1 it will 
not search your subtrees.

From the krb5_ldap_util man page:

-sscope search_scope
          Specifies the scope for searching the principals under the
          subtrees.  The possible values are 1 or one (one level), 2 or
          sub (subtrees).

You can fix this with the krb5_ldap_util modify command or by 
adding/modifying this attribute in your krbRealmContainer.

Tom

On 09/30/2010 03:10 PM, Kevin Longfellow wrote:
> Hi,
>
> I tried to find this in the documentation so if someone could point me in the
> right direction, I would appreciate it.  I am trying to list all the Kerberos
> principals created with an LDAP back end that are not in the realm container.
> Using kadmin list_principals only shows what is in the realm container.  We have
> the user principals in a different cn by using -subtrees when the realm was
> created.  It looks like kdb5_ldap_util might be able to do this?
>
> Thanks for any help with this.
>
> Kevin
>
>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
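
The following is an added illustration, not part of either message and not MIT Kerberos code. It applies standard LDAP one-level and subtree scope semantics to the two values in the man page excerpt above, over a constructed directory. The DNs, principal names, helper names, and the assumption that the realm container and the subtree are both used as search bases are hypothetical.

```python
# Constructed sample data: every DN and principal below is made up.
REALM_CONTAINER = "cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com"
SUBTREE = "ou=people,dc=example,dc=com"  # hypothetical -subtrees value
ENTRIES = {  # DN -> principal name stored on that entry
    "krbPrincipalName=K/M@EXAMPLE.COM," + REALM_CONTAINER: "K/M@EXAMPLE.COM",
    "uid=alice," + SUBTREE: "alice@EXAMPLE.COM",
    "uid=bob,ou=staff," + SUBTREE: "bob@EXAMPLE.COM",
}


def parse_scope(value):
    """Map the man page's accepted values to 1 (one level) or 2 (subtree)."""
    names = {"1": 1, "one": 1, "2": 2, "sub": 2}
    try:
        return names[str(value).strip().lower()]
    except KeyError:
        raise ValueError(f"unknown search scope: {value!r}") from None


def split_dn(dn):
    """Simplified DN split: lowercase RDNs, escaped commas not handled."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(dn, base, scope):
    """Standard LDAP scope test of an entry DN against a search base."""
    d, b = split_dn(dn), split_dn(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False  # entry is not at or below the base
    depth = len(d) - len(b)
    return depth == 1 if scope == 1 else True  # subtree includes the base


def visible_principals(entries, bases, scope_value):
    """Principals a search over the given bases would return."""
    scope = parse_scope(scope_value)
    return sorted(p for dn, p in entries.items()
                  if any(in_scope(dn, base, scope) for base in bases))


if __name__ == "__main__":
    bases = [REALM_CONTAINER, SUBTREE]  # assumption: both are search bases
    for value in ("1", "sub"):
        print(value, visible_principals(ENTRIES, bases, value))
```

With the constructed data, the entry nested one container deeper (`uid=bob,ou=staff,...`) is returned only under the subtree scope.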