HP (Hewlett-Packard) E0905 Server User Manual


 
Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
This file is generated automatically from the input you provide while
autoconfiguring the Kerberos server. Alternatively, a sample file is
available in the /opt/krb5/examples directory. You can copy this file to
the /opt/krb5 directory and edit it manually. HP recommends that you
use the autoconfiguration tool to generate this file.
This file must reside in the /opt/krb5 directory and must have the
following permissions:
-rw------- root 3 sys
The krb5_ldap.conf File Format
Following is the format of the krb5_ldap.conf file:
ldap_enabled = 1
directory_servers = fox.bambi.com:389
base_dn_for_search = o=bambi.com
security_mech = password
proxy_user = cn=Directory Manager
proxy_user_password = <#$%^&*0#$0^&@1!$^%#10^0%>
default_object_template = account
default_princ_subtree = ou=People,o=bambi.com
default_objcls_attr = uid
Use the krb5_encrypt tool to modify the proxy_user_password field in the
/opt/krb5/krb5_ldap.conf file. You must update this field whenever you
change the password of the proxy user or the master key.
Ensure that the encryption key type and the master key type are the
same; otherwise, the Kerberos server will not connect to the LDAP server.
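The following script is an added example, not part of the HP manual or of HP's tooling: it checks a krb5_ldap.conf for the -rw------- mode and root ownership required above, and reads its key = value lines. The function names, the list of keys treated as required (taken from the sample file above) and the optional expected-uid argument are assumptions.

```shell
#!/bin/sh
# Added example: audit a krb5_ldap.conf against the requirements on this page.
# Usage (after sourcing): audit_krb5_ldap_conf /opt/krb5/krb5_ldap.conf

# Print the value of KEY ($1) from FILE ($2). Only the first "=" separates
# key and value, because DN values such as o=bambi.com contain "=" themselves.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Succeed only if FILE ($1) is a regular file (not a symlink) with mode
# -rw------- owned by uid $2 (default 0, root). ls -ln is used instead of
# stat(1), which is not available on every UNIX.
conf_perms_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    ls -ln "$1" | awk -v uid="${2:-0}" \
        '{ exit !(substr($1, 1, 10) == "-rw-------" && $3 == uid) }'
}

# Print every finding for FILE ($1); return 0 only if there are none.
# The key list is an assumption based on the sample file, not an HP rule.
audit_krb5_ldap_conf() {
    a_file=$1
    a_uid=${2:-0}
    a_rc=0
    conf_perms_ok "$a_file" "$a_uid" || {
        echo "FAIL: $a_file must be -rw------- and owned by uid $a_uid"
        a_rc=1
    }
    for a_key in ldap_enabled directory_servers base_dn_for_search \
                 security_mech proxy_user proxy_user_password; do
        [ -n "$(conf_get "$a_key" "$a_file")" ] || {
            echo "FAIL: $a_key is missing or empty"
            a_rc=1
        }
    done
    # ldap_enabled takes only 0 or 1 (see Table 6-2).
    case $(conf_get ldap_enabled "$a_file") in
        0|1) ;;
        *) echo "FAIL: ldap_enabled must be 0 or 1"; a_rc=1 ;;
    esac
    return $a_rc
}
```

The check reads the file itself, so run it as root on the Kerberos server; it never prints the proxy_user_password value.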
Table 6-2 provides a detailed description of the various parameters in the
krb5_ldap.conf file.
Table 6-2 krb5_ldap.conf File Format
Parameter        Description
ldap_enabled     This line indicates whether you have enabled LDAP.
                 1 indicates that you have enabled LDAP and 0 indicates
                 that you have not enabled LDAP as the backend database.