kadmin (heimdal port) ignores the ldap backend

Boris Samorodov bsam at ipt.ru
Wed Jun 1 11:19:33 PDT 2005


On Wed, 01 Jun 2005 18:25:44 +0200 fandino wrote:
> Boris Samorodov wrote:
> > On Wed, 01 Jun 2005 12:17:31 +0200 fandino wrote:
> >>  I'm testing a new configuration with heimdal and the ldap backend
> >>but kadmin is completely ignoring the ldap directive in the dbname
> >>definition.
> ...
> >>when the realm is initialized kadmin creates a couple of files with the literal
> >>dbname definition (adding ldap: as filename prefix) instead of contacting
> >>the openldap server.
> > 
> >># /usr/local/sbin/kadmin -l
> >>kadmin> init OLIMPUS
> >>Realm max ticket life [unlimited]:
> >>Realm max renewable ticket life [unlimited]:
> >># ls -l
> >>...
> >>-rw-------  1 root  wheel  32768 May 31 10:19 ldap:ou=gods,dc=olimpus.db
> >>-rw-------  1 root  wheel   7584 May 31 10:19 ldap:ou=gods,dc=olimpus.log
> >>...
> >>does anyone know what I'm missing?
> > What version of FreeBSD do you have? 5.4-RELEASE has heimdal 0.6.3 at
> > the base system.

> I'm using 5.4-RELEASE.

> > Do you build FreeBSD with Kerberos support? There may be system

> Yes, it was built with Kerberos(0.6.3) and the heimdal port

Aha, thus you install system libraries to /usr/lib etc...

> (0.6.3) was also installed in order to get ldap support for

...and those libraries from the port install to /usr/local/lib...

> kerberos without getting messed with the system kerberos.

...and finally get it messed.

> > libraries located earlier in LDD_PATH which kadmin uses. Try ktrace
> > and kdump to see which libraries are used at run-time.

> you have found something interesting, this strace[1] shows us
> that /usr/local/sbin/kadmin (the port kadmin binary) is using
> "/usr/local/lib/libkadm5clnt.so.6" and "/usr/lib/libkadm5srv.so.7"
> could libkadm5srv be the culprit (now I haven't access to this box)?

I think this is the point.

> how can I force /usr/local/sbin/kadmin to use the port library
> and not the system library?

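1. The main idea is to force search at /usr/local/lib before
/usr/lib.
a) you may set LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH at your
system default profile (but some other programs may start
malfunctioning);
b) you may write a script like:
--- kadmin.sh ---
#!/bin/sh
# Search the port's libraries first; append any existing value without
# leaving an empty path element when LD_LIBRARY_PATH is unset.
LD_LIBRARY_PATH=/usr/local/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}; export LD_LIBRARY_PATH
# Run the port's kadmin and pass every argument through unchanged.
exec /usr/local/sbin/kadmin "$@"
-----------------
Maybe it's a better solution.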

2. Set HEIMDAL_HOME=/usr at /etc/make.conf. So the local_base for the
port is /usr. But then some docs (and maybe some more files) won't get
installed. (Hey, is the port broken?)

Yes, this will replace your system files. But there won't be a
mess. ;-) And, yes, you'll have to reinstall the port after system
upgrade.

Hence, all versions are rather more a hack than even a workaround, not
to say a solution.

I don't know any good solution. System files are installed to
/usr. Many programs use those libraries. One needs to install a version
from ports. Those libraries are installed to /usr/local. But then
one'll want to use ssh (linked to the system library) to authenticate
somebody via LDAP/Kerberos...


Who can give us a good solution?


PS. CC:freebsd-stable@ seems to be the right thing.

WBR
-- 
bsam
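
The mixed-library situation discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of the FreeBSD or Heimdal code: it reads ldd-style output and reports every library that was resolved outside a preferred directory even though that directory holds a library with the same stem. The function names, the temporary directory, the load addresses and the libc line are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# shadowed_libs PREFERRED_DIR   (ldd-style output on stdin)
# Prints "<soname> <resolved path>" for each library that the runtime linker
# took from somewhere else although PREFERRED_DIR ships one with the same stem.
# Real use: ldd /usr/local/sbin/kadmin | shadowed_libs /usr/local/lib
shadowed_libs() {
    preferred=${1%/}
    while read -r name arrow path rest; do
        [ "$arrow" = "=>" ] || continue      # skip the "binary:" header line
        case $path in
            "$preferred"/*) continue ;;      # already loaded from the preferred dir
        esac
        stem=${name%%.so*}                   # libkadm5srv.so.7 -> libkadm5srv
        for candidate in "$preferred/$stem".so*; do
            [ -e "$candidate" ] || continue  # unmatched glob stays literal
            printf '%s %s\n' "$name" "$path"
            break
        done
    done
}

# Constructed sample: a throwaway directory stands in for /usr/local/lib and
# the ldd lines mirror the two libraries named in the thread.
demo_constructed() {
    dir=$(mktemp -d) || return 1
    touch "$dir/libkadm5clnt.so.6" "$dir/libkadm5srv.so.7"
    shadowed_libs "$dir" <<EOF
/usr/local/sbin/kadmin:
    libkadm5clnt.so.6 => $dir/libkadm5clnt.so.6 (0x28090000)
    libkadm5srv.so.7 => /usr/lib/libkadm5srv.so.7 (0x280a0000)
    libc.so.5 => /lib/libc.so.5 (0x28100000)
EOF
    rm -rf "$dir"
}

demo_constructed
```

An empty result means every library that the preferred directory provides was loaded from there.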
