rigoletto@
Developer
Hello!
First, this is my first attempt at dealing with Kerberos and LDAP.
I configured Heimdal in a Master/Slave fashion, which seems to be working nicely, then integrated it with OpenLDAP (GSSAPI, SASL) and (I think) it is working too. Each one is installed in a different jail.
The objective is to add users to authenticate on the network (FreeRadius), Nextcloud, and maybe something more in the future. Also, I would like each user to have its own separate LDAP address book.
So, I have some noob questions:
1 - I am using Heimdal with the Berkeley DB backend. I understand each user I add on LDAP would need to be manually added to the Heimdal database too. Is there a way to automate it? Is using Heimdal with the OpenLDAP backend a (proper) solution?
2 - After an entire day struggling to begin to understand the LDAP syntax, I was able to create a very basic ldif file to start with:
Code:
# Suffix entry for the directory. Entries in LDIF must be separated by a
# blank line, otherwise ldapadd reads the whole file as one entry.
dn: dc=example,dc=ch
objectClass: dcObject
objectClass: organization
o: example.ch
dc: example

# Container for address books
dn: ou=AddressBook,dc=example,dc=ch
objectClass: organizationalUnit
ou: AddressBook

# Container for user accounts
dn: ou=Users,dc=example,dc=ch
objectClass: organizationalUnit
ou: Users

# Directory manager role (the rootdn configured in slapd)
dn: cn=Manager,dc=example,dc=ch
objectClass: organizationalRole
cn: Manager

# A user account. posixAccount requires cn, uid, uidNumber, gidNumber and
# homeDirectory; loginShell and userPassword are optional. inetOrgPerson
# (through person) requires sn and cn; givenName and displayName are optional.
dn: uid=user1,ou=Users,dc=example,dc=ch
cn: user1
displayName: user1
gidNumber: 10000
givenName: user1
homeDirectory: /Users/user1
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
sn: user1
uid: user1
uidNumber: 10001
# {SASL}: slapd hands simple-bind password checks for this entry to Cyrus SASL
# for the principal user1@EXAMPLE.CH instead of storing a password hash.
userPassword: {SASL}user1@EXAMPLE.CH
Beyond the fact that I do not know if there are better options for LDAP configurations, I got the user1 configuration from this example, but I do not think I need all those options.
I tried to modify it, removing some of that, but it gives me errors because objectclass: posixAccount seems to need all of them.
Is there another objectclass that will work properly for users on Heimdal/LDAP integration? I feel that configuration is a proper one for OS authentication.
3 - Any idea (or something) of how to create a per-user LDAP address book? I found some information about the creation of LDAP address books but I was not able to adapt any of those to a per-user basis.
Thank you!
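A small checker for the objectClass problem described in the post, added here as an example and not part of the original post: it parses a blank-line separated LDIF, reports attributes that an entry's objectClasses require but that are missing (the MUST lists are those of the standard OpenLDAP schemas), and checks that a {SASL} userPassword names the principal uid@REALM. The sample entry and the realm EXAMPLE.CH are constructed for the demonstration.

```python
"""Flag attributes an entry's objectClasses require but that are missing (the
posixAccount error described in the post) and check that a {SASL} userPassword
names the Kerberos principal uid@REALM. Plain 'attr: value' lines only."""

# MUST attributes per the standard OpenLDAP schemas; LDAP names are case-insensitive.
MUST = {"dcobject": {"dc"}, "organization": {"o"}, "organizationalunit": {"ou"},
        "organizationalrole": {"cn"}, "inetorgperson": {"cn", "sn"},  # sn via person
        "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"}}

def parse_ldif(text):
    """Split blank-line separated LDIF into dicts: lower-cased attr -> [values]."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):     # '#' lines are LDIF comments
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def check_ldif(text, realm):
    """Return problem strings for the LDIF; an empty list means it is consistent."""
    problems = []
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for oc in entry.get("objectclass", []):
            for need in sorted(MUST.get(oc.lower(), ())):
                if need not in entry:
                    problems.append(f"{dn}: objectClass {oc} requires {need}")
        for pw in entry.get("userpassword", []):
            if pw.startswith("{SASL}"):   # password check is delegated to SASL/Kerberos
                expected = f"{entry.get('uid', ['?'])[0]}@{realm}"
                if pw[len("{SASL}"):] != expected:
                    problems.append(f"{dn}: {pw} should be {{SASL}}{expected}")
    return problems

# Constructed sample: user2 lacks homeDirectory and points at user1's principal.
SAMPLE = """dn: uid=user2,ou=Users,dc=example,dc=ch
objectClass: inetOrgPerson
objectClass: posixAccount
cn: user2
sn: user2
uid: user2
uidNumber: 10002
gidNumber: 10000
userPassword: {SASL}user1@EXAMPLE.CH
"""
```

Running check_ldif(SAMPLE, "EXAMPLE.CH") reports the missing homeDirectory and the principal mismatch; adding the attribute and correcting the principal yields an empty list.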
