kadmin (heimdal port) ignores the ldap backend

fandino fandino at ng.fadesa.es
Thu Jun 2 04:05:12 PDT 2005

Boris Samorodov wrote:
>>>Do you build FreeBSD with Kerberos support? There may be system
>>Yes, it was builded with Kerberos(0.6.3) and the heimdal port
> Aha, thus you install system libraries to /usr/lib etc...
>>(0.6.3) was also installed in order to get ldap support for heimdal
> ...and those libraries from the port install to /usr/local/lib...


>>kerberos without getting messed with the system kerberos.
> ...and finally get it messed.

sometimes the longest way is _really_ the hardest way ;-)

>>>libraries located earlier in LDD_PATH which kadmin uses. Try ktrace
>>>and kdump to see which libraries are used at run-time.
>>you have found something interesting, this strace[1] shows us
>>that /usr/local/sbin/kadmin (the port kadmin binary) is using
>>"/usr/local/lib/libkadm5clnt.so.6" and "/usr/lib/libkadm5srv.so.7"
>>could libkadm5srv be the culprit (now I haven't access to this box)?
> I think this is the point. 
>>how I can force /usr/local/sbin/kadmin to use the port library
>>and not the system library?
> 1. The main idea is to force search at /usr/local/lib before
> /usr/lib

I removed temporally all /usr/lib/libkadm5srv* libraries and as results
kadmin was forced to load /usr/local libraries, but I get the same
problem :-(

again kadmin doesn't use ldap and fallback to database files.

> 2. Set HEIMDAL_HOME=/usr at /etc/make.conf. So the local_base for the
> port is /usr. But then you won't get installed some docs (and maybe
> some more files). (Hey, is port broken?)
> Yes, this will replace your system files. But there won't be a
> mess. ;-) And, yes, you'll have to reinstall the port after system
> upgrade.
> Hence, all versions are rather more a hack then even a workaround, not
> to say a solution.

I will try that, but I'm afraid it doesn't work because in the anterior
test the correct libraries were used and the problem persists.

> Who can give us a good solution?

Anyone knows how to use ldap as backend for the heimdal port in FreeBSD?

More information about the freebsd-ports mailing list