[19967] in Kerberos_V5_Development


Re: Difference between kerberos.openldap.ldif and kerberos.ldif; why

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Aug 30 19:47:53 2019

To: Дилян Палаузов <dilyan.palauzov@aegee.org>,
        <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <25dbcd2f-7693-e202-271a-6279ee88af69@mit.edu>
Date: Fri, 30 Aug 2019 19:45:53 -0400
In-Reply-To: <28ede08d657f19dbd400570f5cb229d19744afc7.camel@aegee.org>

On 8/30/19 4:53 PM, Дилян Палаузов wrote:
> • what is the difference between
> krb5-1.17/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema ,
> krb5-1.17/src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif and
> krb5-1.17/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif ?

The .schema file is intended for consumption by old-style OpenLDAP
configuration files.  The .ldif file is intended for consumption by
Netscape-derived LDAP servers, I believe, while the .openldap.ldif file
was added more recently for consumption by OpenLDAP cn=config.

> https://web.mit.edu/kerberos/krb5-devel/doc/admin/advanced/ldapbackend.html suggests doing conversions and [...]

That page was written before kerberos.openldap.ldif was added and hasn't
been revised.  I will make a note to update it.

> Why do I have to pass -H in order to see the domains:

I think because of the [dbdefaults] ldap_servers issue described later.

> • The documentation at https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/kdc_conf.html#dbdefaults suggests,
> that if ldap_servers = ldapi://%2Fvar%2Frun%2Fldapi is in the [dbdefaults] section, then it does not have to be listed
> in a module within [dbmodules].  I cannot confirm this.

This appears to be a long-standing documentation error.  I will correct
the documentation to remove ldap_servers from the list of LDAP variables
which can appear in [dbdefaults].
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
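
The ldap_servers placement discussed in the reply above can be checked mechanically. The following is an added example, not part of the original message or of the krb5 code base: a small lint for kdc.conf text that flags ldap_servers under [dbdefaults] and any kldap module under [dbmodules] that does not set it. The module name "LDAP" and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: ldap_servers in [dbdefaults]; module name "LDAP" is hypothetical.
BAD_CONF = """
[dbdefaults]
    ldap_servers = ldapi://%2Fvar%2Frun%2Fldapi
[dbmodules]
    LDAP = {
        db_library = kldap
    }
"""
# Constructed sample: ldap_servers moved into the module subsection.
GOOD_CONF = """
[dbmodules]
    LDAP = {
        db_library = kldap
        ldap_servers = ldapi://%2Fvar%2Frun%2Fldapi
    }
"""

def parse_profile(text):
    """Return (section, subsection_path, key, value) for each relation."""
    section, path, out = None, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section, path = header.group(1), []
        elif line.startswith("}"):
            path = path[:-1]  # close the innermost subsection
        elif "=" in line:
            # Split on the first "=" only: DNs and URLs may contain "=".
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                path.append(key)  # open a subsection such as a module
            else:
                out.append((section, tuple(path), key, value))
    return out

def lint_ldap_servers(text):
    """Flag ldap_servers in [dbdefaults] and kldap modules that lack it."""
    rels, findings = parse_profile(text), []
    if any(s == "dbdefaults" and k == "ldap_servers" for s, _, k, _ in rels):
        findings.append("[dbdefaults] ldap_servers: move into the [dbmodules] subsection")
    mods = [(p[0], k, v) for s, p, k, v in rels if s == "dbmodules" and p]
    kldap = {m for m, k, v in mods if (k, v) == ("db_library", "kldap")}
    has_servers = {m for m, k, _ in mods if k == "ldap_servers"}
    findings += [f"[dbmodules] {m}: no ldap_servers set" for m in sorted(kldap - has_servers)]
    return findings
```

Calling `lint_ldap_servers()` on the contents of a kdc.conf returns an empty list when every kldap module names its own servers.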