Configuring the Kerberos Server with LDAP

Setting up Your LDAP Configuration

Plan how to set up and verify your LDAP directory and your Kerberos server environment, before you put them into production. Consider the following questions and record your decisions and other information that you will need later in the Configuration Worksheet found in Appendix A, “Configuration Worksheet,” on page 311.

What is the host name of your directory server?

Write down your directory server host name in the Configuration Worksheet. This is where your Kerberos principals reside. Enter either the FQDN or the IP address.

For example, fox.bambi.com or 18.13.118.130.

What is the port number of your directory server?

Write down the port number of your directory server in the Configuration Worksheet.

If you have opted for SSL as the security mechanism, the default TCP port number is 636.

If you have opted for Password as the security mechanism, the default TCP port number is 389.
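The host name and port questions above are the kind of worksheet entries that are easy to record wrong (a short host name instead of an FQDN, or a port that does not match the chosen security mechanism). The following Python is an added example, not code from the manual or from the product it documents: it validates a worksheet entry, fills in the default port for the mechanism (636 for SSL, 389 for Password, as stated above), builds the matching LDAP URL, and flags the two things a reviewer would want called out: a non-default port, and a Password (simple bind) mechanism, whose bind password crosses the network in the clear unless the connection is protected by TLS. The class and function names, the FQDN rule (at least two well-formed DNS labels), and the sample entries are this example's own assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default TCP ports for the two security mechanisms named on the page.
DEFAULT_PORTS = {"SSL": 636, "Password": 389}

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_host(host: str) -> bool:
    """True for an IPv4/IPv6 address or a fully qualified domain name (FQDN)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    # Require at least two labels so a bare short name such as "fox" is rejected
    # (assumption of this example: the worksheet wants an FQDN, not a short name).
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


@dataclass
class WorksheetEntry:
    """Directory-server fields recorded in the Configuration Worksheet (hypothetical type)."""
    host: str
    mechanism: str                 # "SSL" or "Password"
    port: Optional[int] = None     # None means: use the mechanism's default port


def check_worksheet(entry: WorksheetEntry) -> Tuple[str, List[str]]:
    """Validate an entry and return (ldap_url, warnings).

    Raises ValueError for a host, mechanism or port that cannot be recorded as-is.
    """
    if not is_valid_host(entry.host):
        raise ValueError(f"host must be an FQDN or IP address: {entry.host!r}")
    if entry.mechanism not in DEFAULT_PORTS:
        raise ValueError(f"unknown security mechanism: {entry.mechanism!r}")

    port = entry.port if entry.port is not None else DEFAULT_PORTS[entry.mechanism]
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")

    warnings: List[str] = []
    if port != DEFAULT_PORTS[entry.mechanism]:
        warnings.append(
            f"port {port} is not the default {DEFAULT_PORTS[entry.mechanism]} "
            f"for the {entry.mechanism} mechanism; confirm the server listens there"
        )
    if entry.mechanism == "Password":
        # A simple (password) bind sends the bind DN and password in cleartext
        # unless the connection itself is protected, so record that on the worksheet.
        warnings.append(
            "Password mechanism: the bind password crosses the network in "
            "cleartext unless the connection is protected by TLS"
        )

    scheme = "ldaps" if entry.mechanism == "SSL" else "ldap"
    host = f"[{entry.host}]" if ":" in entry.host else entry.host  # bracket IPv6 literals
    return f"{scheme}://{host}:{port}", warnings


if __name__ == "__main__":
    # Constructed sample entries using the example host values from the page.
    for sample in (WorksheetEntry("fox.bambi.com", "SSL"),
                   WorksheetEntry("18.13.118.130", "Password")):
        url, notes = check_worksheet(sample)
        print(url)
        for note in notes:
            print("  warning:", note)
```

Run it as a script to see the two sample URLs and their warnings; in a real checklist the warnings are what you would copy next to the port entry in the worksheet so the choice of mechanism is reviewed before the server goes into production.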

Have you decided to extend the schema?

A schema is the collection of object class and attribute type definitions. A server uses these definitions to determine how to match a filter or attribute against the attributes of a specific entry and whether to grant permissions to any given attributes.

You must have administrative privileges to extend the schema. If you do not have these privileges contact your LDAP administrator. You need to extend the LDAP schema with Kerberos specific object classes and attributes.

Have you decided on the security mechanism?

To access the information stored in the directory, you must authenticate to the directory first. Once authenticated, and depending on the authorization information stored in the directory

84

Chapter 6