It depends. If you want to use 389ds as a Kerberos database backend then you should import the schema into the directory and yes, you'll need to create principals or modify the existing ldap entries to accept kerberos attributes, as you've said you did with openldap. I've done it with my 389ds lab and it works.
El mié, 15-06-2011 a las 12:08 +0200, Gioachino Bartolotta escribió:
Hi all,
I have a problem in setup kerberos with 389 and I tried to do using
the documents available on 389 site and RedHat.
I followed everything, but I am unable to get the initial ticket from
kerberos. Have I to add these records as I have always done with
openldap??
dn: ou=KerberosPrincipals,ou=Users,dc=domain
ou: KerberosPrincipals
objectClass: top
objectClass: organizationalUnit
dn: krb5PrincipalName=ldapmaster/admin@DOMAN,ou=KerberosPrincipals,ou=Users,dc=domain
objectClass: top
objectClass: person
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5PrincipalName: ldapmaster/admin@DOMAIN
krb5KeyVersionNumber: 1
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: ldapmaster/admin@domain
sn: ldapmaster/admin@domain
userPassword: {MD5}5S2YxFmBmhF3WTbY37t5KQ==
Thanks
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
