Configuring the Kerberos Server with LDAP
Setting up Your LDAP Configuration
• What is the name of your default principal subtree DN?
Each RDN in a DN corresponds to a branch in the DIT leading from the root of the DIT to the directory entry. The search base node subtree designates all the containers for the various information types under the base DN.
For example, ou=accounts, ou=people, o=bambi.com
By default, if no LDAP entry is specified when a Kerberos principal is created, the principal is added to the default principal subtree. The default principal subtree DN must be located under the default base DN for search.
NOTE: To effectively search for data you must add all subtree entries under the default base DN.
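An added example (not from the original manual): a check, run before configuring the server, that the default principal subtree DN lies under the default base DN, comparing RDN by RDN instead of by string suffix. The base DN `o=bambi.com`, the function names, and case-insensitive matching of attribute values are assumptions.

```python
def split_rdns(dn: str) -> list[str]:
    """Split a DN into RDNs on unescaped commas (backslash escapes, RFC 4514)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escaped pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def normalize_rdn(rdn: str) -> str:
    """Trim whitespace and lowercase one RDN; reject entries without type=value."""
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    # Assumption: naming attributes (ou, o, cn, dc) match case-insensitively.
    # Multi-valued RDNs (a=b+c=d) are compared as written, not reordered.
    return f"{attr.strip().lower()}={value.strip().lower()}"


def is_under_base(subtree_dn: str, base_dn: str) -> bool:
    """True if subtree_dn is the base DN itself or a descendant of it."""
    sub = [normalize_rdn(r) for r in split_rdns(subtree_dn)]
    base = [normalize_rdn(r) for r in split_rdns(base_dn)]
    # Compare whole RDNs from the root end; a plain string suffix test would
    # accept "foo=bambi.com" as ending in "o=bambi.com".
    return len(sub) >= len(base) and sub[-len(base):] == base


PAGE_SUBTREE = "ou=accounts, ou=people, o=bambi.com"  # example DN from the text
ASSUMED_BASE = "o=bambi.com"                          # assumed default base DN

if __name__ == "__main__":
    print(is_under_base(PAGE_SUBTREE, ASSUMED_BASE))
```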
• Where are your certificates located?
This path defines the location of the database that contains the certificates for your client. The database must contain the cert7.db certificate, which is used by Mozilla or Netscape client.x. You must specify the path to the directory containing the certificate database.
For example, /.netscape/cert7.db.
• What is the name of your proxy user?
Write down the distinguished name of the proxy user, if needed. The Kerberos server binds to the Directory server as the proxy user. This user must have the appropriate privileges to create, modify and delete Kerberos principals.
For example, cn=Anne.
• What is the name of your default object class template?
The Kerberos principal must be associated with at least one structural object class on the Directory server. The Kerberos server uses this template for Kerberos principals that have no existing object class to be associated with on the Directory server.
For example, posixaccount.
• What are the attributes of your object class?