Configuring the Kerberos Server with LDAP

Configuration Files for LDAP Integration
Table: krb5_ldap.conf File Format (Continued)

| Parameter | Description |
|---|---|
| default_objcls_attr | This line specifies the mandatory attribute of the default object class. Example: uid. When the Kerberos server creates a default object it uses the first attribute specified in this field, as the naming attribute. When adding a principal, an error message is displayed if duplicate entries are found. You can change the default settings of the naming attribute by changing the order of entries in the krb5_ldap.conf file. Save these changes and restart the Kerberos server application. |
| proxy_user | This line specifies the DN of the proxy user. The Kerberos server binds to the Directory server as the proxy user. The proxy user must have the appropriate privileges to create, modify and delete Kerberos principals. Example: cn=Anne |

The krb5_schema.conf File
A schema is a collection of object and attribute definitions that defines the structure of the entries in a database. The krb5_schema.conf file is the Kerberos schema file that contains the object and attribute definitions of the Kerberos principal entries. LDAP objects are standardized in order to provide interoperability with a variety of directory services servers. The krb5_schema.conf file defines the following: