Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
This file is generated automatically from the input you provide while autoconfiguring the Kerberos server. Alternatively, a sample file is available in the /opt/krb5/examples directory. You can copy this file to the /opt/krb5 directory and edit it manually. HP recommends that you use the autoconfiguration tool to generate this file.
This file must reside in the /opt/krb5 directory and must have the following permissions:
Following is the format of the krb5_ldap.conf file:
ldap_enabled = 1
directory_servers = fox.bambi.com:389
base_dn_for_search = o=bambi.com
security_mech = password
proxy_user = cn=Directory Manager
proxy_user_password = <#$%^&*0#$0^&@1!$^%#10^0%>
default_object_template = account
default_princ_subtree = ou=People,o=bambi.com
default_objcls_attr = uid
Use the krb5_encrypt tool to modify the proxy_user_password field in the /opt/krb5/krb5_ldap.conf file. You must update this field whenever you change the password of the proxy user or the master key. Ensure that the encryption key type and the master key type are the same; otherwise, the Kerberos server will not connect to the LDAP server.
Table: krb5_ldap.conf File Format
| Parameter | Description |
| ldap_enabled | This line indicates whether you have enabled LDAP. 1 indicates that you have enabled LDAP and 0 indicates that you have not enabled LDAP as the backend database. |
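The following pre-flight check for a manually edited krb5_ldap.conf is an added example, not part of the HP documentation or tooling. It uses the key names from the sample file above. It assumes that every key in the sample must be present and non-empty, and it takes the expected permission string as an argument because the required value comes from the manual, not from this script.

```sh
#!/bin/sh
# Added example: pre-flight check for krb5_ldap.conf (not HP-supplied code).
# Key names are taken from the sample file above. Assumptions: every key in
# the sample must be present and non-empty, and the expected mode string is
# supplied by the caller from the manual.

REQUIRED_KEYS="ldap_enabled directory_servers base_dn_for_search
security_mech proxy_user proxy_user_password default_object_template
default_princ_subtree default_objcls_attr"

# conf_get FILE KEY: print the trimmed value of the first "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_krb5_ldap_conf FILE MODE: MODE is the first 10 characters that
# "ls -l" should show, for example -rw------- (value chosen by the caller).
# Prints one line per finding; returns 0 only when there are none.
check_krb5_ldap_conf() {
    conf=$1
    want_mode=$2
    findings=0
    [ -f "$conf" ] || { echo "missing file: $conf"; return 1; }

    have_mode=$(ls -l "$conf" | cut -c1-10)
    if [ "$have_mode" != "$want_mode" ]; then
        echo "permissions: $have_mode, expected $want_mode"
        findings=$((findings + 1))
    fi

    # A key that shares a line with another key is reported as missing.
    for key in $REQUIRED_KEYS; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "missing or empty: $key"
            findings=$((findings + 1))
        fi
    done

    # The manual defines only 1 (LDAP backend enabled) and 0 (not enabled).
    case "$(conf_get "$conf" ldap_enabled)" in
        0 | 1) ;;
        *) echo "ldap_enabled must be 0 or 1"; findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}
```

Source the script and call check_krb5_ldap_conf /opt/krb5/krb5_ldap.conf with the mode string from the manual before restarting the Kerberos server; a non-zero return means at least one finding was printed.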