ports/72149: [PATCH] heimdal with LDAP backend - bad slapd socket path
Pawel Wieleba
wielebap at iem.pw.edu.pl
Tue Sep 28 15:30:30 UTC 2004
>Number: 72149
>Category: ports
>Synopsis: [PATCH] heimdal with LDAP backend - bad slapd socket path
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 28 15:30:30 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Pawel Wieleba
>Release: FreeBSD 5.2.1
>Organization:
>Environment:
FreeBSD s09 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386
>Description:
A problem is described in the article:
www.iem.pw.edu.pl/~wielebap/ldap/heimdal/heimdal_doc.pdf
(It also contains instructions on how to install kerberos with ldap backend.)
Now heimdal ldap backend uses ldapi:///. As it is not a full path to the socket, LDAP database is not accessible to kerberos. 'kadmin -l' will not have access to the ldap database.
My environment:
heimdal-0.6.1
openldap-sasl-server-2.2.15
>How-To-Repeat:
>Fix:
A default location for slapd socket is:
/var/run/openldap/ldapi.
Here is a patch for heimdal port:
% cat /usr/ports/security/heimdal/files/patch-hdb-ldap.c
--- lib/hdb/hdb-ldap.c.orig Thu Sep 18 22:49:09 2003
+++ lib/hdb/hdb-ldap.c Tue Sep 27 17:19:13 2004
@@ -984,7 +984,7 @@
return 0;
}
- rc = ldap_initialize((LDAP **) & db->db, "ldapi:///");
+ rc = ldap_initialize((LDAP **) & db->db, "ldapi://%2fvar%2frun%2fopenldap%2
fldapi/");
if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_initialize: %s", ldap_err2string(rc
));
return HDB_ERR_NOENTRY;
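Review bot: The socket path on the added ldap_initialize line is a string literal fixed to /var/run/openldap/ldapi, so a slapd listening on any other socket will fail here in the same way as before. Consider taking the URI from a build-time define or a configuration option and keeping this value only as the default. A short comment on that line noting that %2f is the URL-encoded '/' of the socket path would also help the next reader.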
You can also download it from:
www.iem.pw.edu.pl/~wielebap/ldap/heimdal/
If you're using heimdal from the base system sources, apply a patch to:
/usr/src/crypto/heimdal/lib/hdb/hdb-ldap.c
>Release-Note:
>Audit-Trail:
>Unformatted:
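How the percent-encoded URI used in the report above is formed, as an added example that is not part of the original report or of heimdal: the hypothetical helper `build_ldapi_uri` encodes an absolute socket path into the host part of an `ldapi://` URL and rejects relative paths and undersized buffers.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not heimdal or OpenLDAP code): build an ldapi:// URI
 * for a UNIX socket path by percent-encoding every byte outside the RFC 3986
 * unreserved set, so '/' becomes %2f and the path fits in the host part.
 * Returns 0 on success, -1 if the path is not absolute or out is too small. */
int build_ldapi_uri(const char *sock_path, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    static const char scheme[] = "ldapi://";
    size_t n = sizeof(scheme) - 1;

    if (sock_path == NULL || out == NULL || sock_path[0] != '/')
        return -1;
    if (outlen < n + 2)              /* scheme + trailing '/' + NUL */
        return -1;
    memcpy(out, scheme, n);

    for (const unsigned char *p = (const unsigned char *)sock_path; *p; p++) {
        int unreserved = isalnum(*p) || *p == '-' || *p == '.' ||
                         *p == '_' || *p == '~';
        size_t need = unreserved ? 1 : 3;
        if (n + need + 2 > outlen)   /* keep room for trailing '/' and NUL */
            return -1;
        if (unreserved) {
            out[n++] = (char)*p;
        } else {
            out[n++] = '%';
            out[n++] = hex[*p >> 4];
            out[n++] = hex[*p & 0x0f];
        }
    }
    out[n++] = '/';
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char uri[128];
    /* Socket path taken from the report above. */
    if (build_ldapi_uri("/var/run/openldap/ldapi", uri, sizeof uri) == 0)
        printf("%s\n", uri);
    return 0;
}
```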