[Freeipa-devel] more work on the setup scripts
Rob Crittenden
rcritten at redhat.com
Sat Jul 14 02:26:07 UTC 2007
Simo Sorce wrote:
> If there are no objections I will commit this before leaving on Monday.
>
> - patch for fedora-ds init scripts bz#248169
> - create the keytab for the ldap service
> - create the sample bind zone
> - test the hostname is set up correctly and resolves to a real IP not
> 127.0.0.1
> - use the domain portion of the hostname as the DNS domain
> (ie dns domain may be != realm)
> - fix the kdb5_ldap_util parameter to actually pass the master password
>
> I still have a problem with GSSAPI authentication against LDAP
> I encoded the same settings I use in my working prototype but SASL auth
> does not work in the installation test environment.
> Raising the log level of fedora-ds shows that the sasl mapping object is
> searched and found, but then fedora-ds tries to find the user account
> using the wrong filter: (&(uid=<username>)) instead of
> (krbPrinciplaName=<username>@<REALM>) as specified in the configuration.
> The basedn is correct.
>
> Will dig on this later.

You set the fedora-ds user as fds. We should probably create that user
if it doesn't already exist.

Looks like you have a typo when setting the sample DNS zone:

[bind_fd, bind_name] = tempfile.mkstemp(".db","sammple.zone.")

Otherwise it looks ok.

rob