More text about the acl_file entry and hdb-ldap-structural-object.
From Rüdiger Ranft. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17960 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -932,18 +932,25 @@ schema definition syntax instead of the old UMich-style, V2 syntax.
|
|||||||
|
|
||||||
@item
|
@item
|
||||||
You should specify the distinguished name under which your
|
You should specify the distinguished name under which your
|
||||||
principals will be stored in @file{krb5.conf}:
|
principals will be stored in @file{krb5.conf}. Also you need to
|
||||||
|
enter the path to the kadmin acl file:
|
||||||
|
|
||||||
|
|
||||||
@example
|
@example
|
||||||
[kdc]
|
[kdc]
|
||||||
database = @{
|
database = @{
|
||||||
dbname = ldap:ou=KerberosPrincipals,dc=example,dc=com
|
dbname = ldap:ou=KerberosPrincipals,dc=example,dc=com
|
||||||
|
hdb-ldap-structural-object = inetOrgPerson
|
||||||
|
acl_file = /path/to/kadmind.acl
|
||||||
mkey_file = /path/to/mkey
|
mkey_file = /path/to/mkey
|
||||||
@}
|
@}
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
@samp{mkey_file} can be excluded if you feel that you trust your ldap
|
@samp{mkey_file} can be excluded if you feel that you trust your ldap
|
||||||
directory to have the raw keys inside it.
|
directory to have the raw keys inside it. The
|
||||||
|
hdb-ldap-structural-object is not necessary if you do not need Samba
|
||||||
|
comatibility.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@item
|
@item
|
||||||
|
|||||||
Reference in New Issue
Block a user