LDAP backend on Ubuntu 10.4 (lucid)
===================================

Setting up Kerberos v1.9 with LDAP backend on Ubuntu 10.4 (Lucid Lynx)

Install the following packages: *slapd, ldap-utils* and *libldap2-dev*

You can install the necessary packages with these commands::

    sudo apt-get install slapd
    sudo apt-get install ldap-utils
    sudo apt-get install libldap2-dev

Extend the user schema using schemas from the standard OpenLDAP
distribution: *cosine, misc, nis, inetorgperson* ::

    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif


Building Kerberos from source
-----------------------------

::

    ./configure --with-ldap

Update kdc.conf with the LDAP back-end information::

    database_module = LDAP

    ldap_kerberos_container_dn = cn=krbContainer,dc=example,dc=com
    ldap_kdc_dn = cn=admin,dc=example,dc=com
    ldap_kadmind_dn = cn=admin,dc=example,dc=com
    ldap_service_password_file = /usr/local/var/krb5kdc/admin.stash
    ldap_servers = ldapi:///

From the source tree copy
``src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema`` into

Warning: this step should be done after slapd is installed to avoid
problems with slapd installation.

To convert kerberos.schema to run-time configuration (``cn=config``)

#. Create a temporary file ``/tmp/schema_convert.conf`` with the

   ::

       include /etc/ldap/schema/kerberos.schema

#. Create a temporary directory ``/tmp/krb5_ldif``.

   ::

       slaptest -f /tmp/schema_convert.conf -F /tmp/krb5_ldif

   This should result in a new file named
   ``/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif``.

#. Edit ``/tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif`` by

   ::

       dn: cn=kerberos,cn=schema,cn=config

   Also, remove the following attribute-value pairs::

       structuralObjectClass: olcSchemaConfig
       creatorsName: cn=config
       modifiersName: cn=config

#. Load the new schema with ldapadd (with the proper authentication)::

       ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/krb5_ldif/cn=config/cn=schema/cn={0}kerberos.ldif

   which should result in the message ``adding new entry
   "cn=kerberos,cn=schema,cn=config"``.
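
The edit step in the list above can be scripted; this is an added example, not part of the original page or of the krb5 project, and its function and variable names are hypothetical. It assumes slaptest wrote ``dn: cn={0}kerberos`` and ``cn: {0}kerberos`` into the generated file, and that the attributes to remove include four (entryUUID, createTimestamp, entryCSN, modifyTimestamp) beyond the three listed on this page.

```sh
#!/bin/sh
# Added example; the function and variable names are hypothetical.

# Attributes slapd maintains itself. The page names structuralObjectClass,
# creatorsName and modifiersName; the other four are an assumption about
# what slaptest writes into the generated file.
OPERATIONAL='structuralObjectClass entryUUID creatorsName createTimestamp entryCSN modifiersName modifyTimestamp'

# Read slaptest-generated LDIF on stdin, write a loadable entry on stdout.
clean_schema_ldif() {
    awk -v ops="$OPERATIONAL" '
    BEGIN { n = split(ops, a, " "); for (i = 1; i <= n; i++) drop[tolower(a[i])] = 1 }
    # LDIF folds long values onto continuation lines that start with a
    # space; a continuation shares the fate of the attribute it belongs to.
    /^ / { if (!skip) print; next }
    {
        name = $0
        sub(/:.*/, "", name)
        key = tolower(name)
        skip = (key in drop)
        if (skip) next
        # Drop the {N} ordering prefix and give the entry its full DN.
        if ($0 ~ /^dn: cn=[{][0-9]+[}]kerberos$/) { print "dn: cn=kerberos,cn=schema,cn=config"; next }
        if ($0 ~ /^cn: [{][0-9]+[}]kerberos$/) { print "cn: kerberos"; next }
        print
    }'
}

# Constructed sample of slaptest output (OID, attribute name, UUID and
# timestamps are made up), including one folded schema definition.
sample_ldif() {
    cat <<'EOF'
dn: cn={0}kerberos
objectClass: olcSchemaConfig
cn: {0}kerberos
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1 NAME 'constructedExampleAttr'
  EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20110101000000Z
entryCSN: 20110101000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110101000000Z
EOF
}

sample_ldif | clean_schema_ldif
```

Redirect the real file through ``clean_schema_ldif`` into a new file and pass that file to the ``ldapadd`` command from the last step.
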

Create Kerberos database
------------------------

Using LDAP administrator credentials, create Kerberos database and

::

    kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s

Stash the LDAP administrative passwords::

    kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// stashsrvpw cn=admin,dc=example,dc=com

Start :ref:`krb5kdc(8)`.

To destroy the database, run::

    kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// destroy -f

* `Kerberos and LDAP <https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html>`_