More text about the acl_file entry and hdb-ldap-structural-object.
From Rüdiger Ranft.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17960 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -932,18 +932,25 @@ schema definition syntax instead of the old UMich-style, V2 syntax.
|
||||
|
||||
@item
|
||||
You should specify the distinguished name under which your
|
||||
principals will be stored in @file{krb5.conf}:
|
||||
principals will be stored in @file{krb5.conf}. Also you need to
|
||||
enter the path to the kadmin acl file:
|
||||
|
||||
|
||||
@example
|
||||
[kdc]
|
||||
database = @{
|
||||
dbname = ldap:ou=KerberosPrincipals,dc=example,dc=com
|
||||
hdb-ldap-structural-object = inetOrgPerson
|
||||
acl_file = /path/to/kadmind.acl
|
||||
mkey_file = /path/to/mkey
|
||||
@}
|
||||
@end example
|
||||
|
||||
@samp{mkey_file} can be excluded if you feel that you trust your ldap
|
||||
directory to have the raw keys inside it.
|
||||
directory to have the raw keys inside it. The
|
||||
hdb-ldap-structural-object is not necessary if you do not need Samba
|
||||
comatibility.
|
||||
|
||||
|
||||
|
||||
@item
|
||||
|
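Review bot: "comatibility" in the new sentence after the @example block should read "compatibility", and hdb-ldap-structural-object in that same sentence should be wrapped in @samp{} to match @samp{mkey_file} in the sentence before it. In the new lead-in, "Also you need to enter the path to the kadmin acl file" reads more cleanly as "You also need to specify the path to the kadmin ACL file", and it would help to say there that the setting is acl_file inside the database block, since the prose never names the key that the example uses. The example sets hdb-ldap-structural-object = inetOrgPerson while the text only says the option is unnecessary without Samba compatibility; one clause on what the option selects would let a reader decide whether to keep that line. Because the paragraph says omitting mkey_file leaves raw keys in the LDAP directory, consider stating that trade-off a little more explicitly so it is not read as the default recommendation.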