[Freeipa-devel] more work on the setup scripts

Simo Sorce ssorce at redhat.com
Fri Jul 13 23:42:47 UTC 2007


If there are no objections I will commit this before leaving on Monday.

- patch for fedora-ds init scripts bz#248169
- create the keytab for the ldap service
- create the sample bind zone
- test the hostname is set up correctly and resolves to a real IP, not
127.0.0.1
- use the domain portion of the hostname as the DNS domain
  (i.e. dns domain may be != realm)
- fix the kdb5_ldap_util parameter to actually pass the master password

I still have a problem with GSSAPI authentication against LDAP.
I encoded the same settings I use in my working prototype but SASL auth
does not work in the installation test environment.
Raising the log level of fedora-ds shows that the sasl mapping object is
searched and found, but then fedora-ds tries to find the user account
using the wrong filter: (&(uid=<username>)) instead of
(krbPrincipalName=<username>@<REALM>) as specified in the configuration.
The basedn is correct.

Will dig on this later.

Simo.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-setup-20070713.patch
Type: text/x-patch
Size: 10551 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070713/ef5fb590/attachment.bin>
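
The host name checks listed in the message (the name must resolve to a real IP rather than loopback, and the DNS domain is the domain portion of the host name), as an added Python example. It is not code from the attached patch; `check_hostname`, the `resolve` hook and the sample hosts are assumptions constructed for illustration.

```python
import ipaddress
import socket

class HostnameError(Exception):
    """The host name is not usable for the install."""

def system_resolver(name):
    """Resolve name with the system resolver; returns a sorted list of IPs."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})

def check_hostname(fqdn, resolve=system_resolver):
    """Return (dns_domain, addresses) for fqdn, or raise HostnameError.

    `resolve` is a hypothetical hook so the check can be exercised offline.
    """
    name = fqdn.rstrip(".").lower()
    host, _, domain = name.partition(".")
    if not host or not domain:
        raise HostnameError(f"{fqdn!r} is not fully qualified")
    try:
        addresses = resolve(name)
    except socket.gaierror as exc:
        raise HostnameError(f"{fqdn!r} does not resolve: {exc}") from exc
    if not addresses:
        raise HostnameError(f"{fqdn!r} resolved to no addresses")
    # Reject any loopback answer (127.0.0.0/8 or ::1), even next to a real one.
    loopback = [a for a in addresses
                if ipaddress.ip_address(a.split("%")[0]).is_loopback]
    if loopback:
        raise HostnameError(f"{fqdn!r} resolves to loopback {loopback}")
    # The DNS domain comes from the host name, not from the Kerberos realm.
    return domain, addresses

# Constructed sample data standing in for DNS and /etc/hosts answers.
CONSTRUCTED_HOSTS = {
    "ipa.example.com": ["192.0.2.10"],
    "ds.example.com": ["127.0.0.1"],
    "kdc.example.com": ["192.0.2.11", "::1"],
}

def constructed_resolver(name):
    """Offline resolver over CONSTRUCTED_HOSTS; unknown names fail like DNS."""
    if name not in CONSTRUCTED_HOSTS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return CONSTRUCTED_HOSTS[name]

if __name__ == "__main__":
    for n in ["ipa.example.com", "ds.example.com", "kdc.example.com", "ipa"]:
        try:
            print(n, "->", check_hostname(n, constructed_resolver))
        except HostnameError as err:
            print(n, "-> rejected:", err)
```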

