Filter
Top Products
Configuring the Kerberos Server with LDAP
Setting up Your LDAP Configuration
Chapter 686
• What is the name of your default principal subtree DN?
Each RDN in a DN corresponds to a branch in the DIT leading from
the root of the DIT to the directory entry. The search base node
subtree designates all the containers for the various information
types under the base DN.
For example, ou=accounts, ou=people, o=bambi.com
By default, all Kerberos principals are added in the default principal
subtree, if no LDAP entry is specified while creating the kerberos
principal. The default principal subtree DN must be located under
the default base DN for search.
NOTE To effectively search for data you must add all subtree entries under
the default base DN.
• Where are your certificates located?
This path defines the location of the database that contains the
certificates for your client. The database must contain the cert7.db
certificate, which is used by Mozilla or Netscape client.x. You must
specify the path to the directory containing the certificate database.
For example, /.netscape/cert7.db.
• What is the name of your proxy user?
Write down the distinguished name of the proxy user, if needed. The
Kerberos server binds to the Directory server as the proxy user. This
user must have the appropriate privileges to create, modify and
delete Kerberos principals.
For example, cn=Anne.
• What is the name of your default object class template?
The Kerberos principal must be associated with at least one
structural object class on the Directory server. The Kerberos server
uses this template for those Kerberos principals who do not have an
existing object class to be associated with on the Directory server.
For example, posixaccount.
• What are the attributes of your object class?