Changes for page KerberosAndLDAP

Last modified by Sirius Rayner-Karlsson on 2024/05/09 10:54

From version 27.2
edited by Sirius Rayner-Karlsson
on 2024/05/07 10:54
Change comment: There is no comment for this version
To version 27.1
edited by Sirius Rayner-Karlsson
on 2024/05/07 10:18
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -94,39 +94,5 @@
94 94  (% style="color:#400" %)
95 95  ##{{{adding new entry "cn=kadmin,ou=kerberos,dc=example,dc=com"}}}##
96 96  
97 -
98 98  Synology LDAP server did not like adding users with placeholder passwords, because Synology puts in place password policies. Hence changing this to a ##cn## instead of a ##uid##. It seems to have worked out fine as my KDC is fully functioning.
99 99  
100 -
101 -===== Grant kdc and kadmin permissions: =====
102 -
103 -This switches back to the ##cn=config## DN as you are changing the permissions.
104 -
105 -$ ldapmodify -H ldaps:~/~/ds723.trudheim.com -W -D cn=config <<EOF
106 -
107 -dn: olcDatabase={1}bdb,cn=config
108 -add: olcAccess
109 -olcAccess: {0}to attrs=krbPrincipalKey
110 - by anonymous auth
111 - by dn.exact="cn=kdc,ou=kerberos,dc=trudheim,dc=com" write
112 - by dn.exact="cn=kadmin,ou=kerberos,dc=trudheim,dc=com" write
113 - by self write
114 - by * none
115 --
116 -add: olcAccess
117 -olcAccess: {1}to dn.subtree="cn=krbContainer,ou=kerberos,dc=example,dc=com"
118 - by dn.exact="cn=kdc,ou=kerberos,dc=trudheim,dc=com" write
119 - by dn.exact="cn=kadmin,ou=kerberos,dc=trudheim,dc=com" write
120 - by * none
121 -
122 -EOF
123 -
124 -Enter LDAP Password:
125 -modifying entry "olcDatabase={1}bdb,cn=config"
126 -
127 -$
128 -
129 -
130 -Note that we now reference our kdc and kadmin accounts and we grant them permission to the krbContainer which will house all our kerberos principals. Give both of them write access, because we do want to have the ability to track last login and lock accounts if there are login failures. We like security.
131 -
132 -
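Review bot: the second rule, `olcAccess: {1}to dn.subtree="cn=krbContainer,ou=kerberos,dc=example,dc=com"`, names the dc=example,dc=com suffix while the kdc and kadmin bind DNs on the following lines (and the krbPrincipalKey rule above) use dc=trudheim,dc=com; if the directory's real suffix is dc=trudheim,dc=com this rule matches no entries and neither service account gets access to the principal container, so the suffix should be made consistent across both rules. Also, `ldaps:~/~/ds723.trudheim.com` in the ldapmodify line is the wiki's escaped rendering of `ldaps://ds723.trudheim.com`; the prose should say so, since the command as displayed will not run if copied verbatim.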