Summary: | Please add support for GSSAPI to slapd chroot | ||
---|---|---|---|
Product: | Sisyphus | Reporter: | Yurix <yurix> |
Component: | openldap-servers | Assignee: | Anton V. Boyarshinov <boyarsh> |
Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
Severity: | normal | ||
Priority: | P2 | CC: | boyarsh, imz, klark, ldv, mike, shaba, slev, vitty, viy |
Version: | unstable | ||
Hardware: | all | ||
OS: | Linux |
Does this apply to 2.3.21-alt1?

To package maintainer.

Fixed in 2.3.39-alt1.

For GSS-API bind to succeed we should fix /etc/chroot.d/ldap.conf:

1) copy (if they exist) /etc/krb5.conf and /etc/openldap/ldap.keytab to /var/lib/ldap/etc/
2) export KRB5_KTNAME if file /etc/openldap/ldap.keytab exists
3) provide /var/lib/ldap/var/tmp directory
4) I'd suggest removing the symlink /etc/openldap/ssl and using a directory with the same name.

Here is how I made it work:

```
# subst 's:\(.*for f in slapd.conf rootdse.ldif\)\(.*\):\1 ldap.keytab\2:' /etc/chroot.d/ldap.conf
# echo 'Copy -gldap -m640 $force /etc/krb5.conf etc/krb5.conf
[ -d /var/lib/ldap/var/tmp ] || install -gldap -oldap -d /var/lib/ldap/var/tmp' >>/etc/chroot.d/ldap.conf
# echo '
[ -f /etc/openldap/ldap.keytab ] && \
export KRB5_KTNAME=/etc/openldap/ldap.keytab' >>/etc/sysconfig/ldap
# rm -f /etc/openldap/ssl; mkdir /etc/openldap/ssl
```

Steps to Reproduce:
1. Install slapd
2. Configure it to support SASL
3. Try ldapsearch

Actual Results: will not work

Expected Results: Should work out of the box after the user configures and installs the /etc/openldap/ldap.keytab and /etc/krb5.conf files
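
The four items from the report above can be verified after the chroot has been populated. The following is an added example, not part of the original report or of the package; the function name `check_gssapi_chroot`, the assumption that the chroot mirrors host paths under `etc/`, and the extra check that the copied keytab is not world-readable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a slapd chroot for the GSSAPI prerequisites from the report.
# Assumption: the chroot mirrors host paths (etc/krb5.conf, etc/openldap/ldap.keytab).
check_gssapi_chroot() {
    chroot=${1:-/var/lib/ldap}   # chroot root used in the report
    hostetc=${2:-/etc}           # host configuration directory
    kt=openldap/ldap.keytab
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # 1) Files present on the host must have been copied into the chroot.
    for f in krb5.conf "$kt"; do
        [ -f "$hostetc/$f" ] || continue
        [ -f "$chroot/etc/$f" ] || fail "$chroot/etc/$f is missing"
    done

    if [ -f "$hostetc/$kt" ]; then
        # 2) The keytab is not at the Kerberos default location,
        #    so KRB5_KTNAME has to point at it.
        grep -q 'KRB5_KTNAME=' "$hostetc/sysconfig/ldap" 2>/dev/null ||
            fail "KRB5_KTNAME is not set in $hostetc/sysconfig/ldap"
        # The keytab holds the service's long-term keys: no read access for "other".
        if [ -f "$chroot/etc/$kt" ] &&
           [ -n "$(find "$chroot/etc/$kt" -prune -perm -004)" ]; then
            fail "$chroot/etc/$kt is world-readable"
        fi
    fi

    # 3) var/tmp must exist inside the chroot.
    [ -d "$chroot/var/tmp" ] || fail "$chroot/var/tmp is missing"

    # 4) ssl should be a real directory, not a symlink.
    [ ! -L "$hostetc/openldap/ssl" ] || fail "$hostetc/openldap/ssl is a symlink"

    return "$rc"
}
```

Source the file and call `check_gssapi_chroot` with no arguments to audit the paths from the report; it prints one `FAIL:` line per problem and returns non-zero if any were found.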