Posted to commits@directory.apache.org by el...@apache.org on 2013/02/15 19:42:55 UTC
svn commit: r1446721 - in /directory/site/trunk/content/apacheds/kerberos-ug:
4.2-authenticate-studio.mdtext images/enable-kerberos.png
images/ldap-config.png images/open-config.png
Author: elecharny
Date: Fri Feb 15 18:42:55 2013
New Revision: 1446721
URL: http://svn.apache.org/r1446721
Log:
Added some more content
Added:
directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png (with props)
directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png (with props)
directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png (with props)
Modified:
directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1446721&r1=1446720&r2=1446721&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Fri Feb 15 18:42:55 2013
@@ -42,6 +42,49 @@ and :
![authentication](images/authentication.png)
</DIV>
+Once connected, right click on the connection :
+
+<DIV align="center">
+![Open Configuration](images/open-config.png)
+</DIV>
+
+On the **Overview** tab, check the **Enable Kerberos Server** box :
+
+<DIV align="center">
+![Enable Kerberos Server](images/enable-kerberos.png)
+</DIV>
+
+### LDAP Server configuration
+
+There are a few parameters that are to be set in the **LDAP** configuration :
+
+ * The _SASL host_ must be the local server name (here, EXAMPLE.COM)
+ * The _SASL principal_ is **ldap/EXAMPLE.COM@EXAMPLE.COM**
+ * The _Search Base DN_ should point to the place under which we store users and services (_dc=security,dc=example,dc=com_)
+
+Here is a snapshot of this configuration :
+
+<DIV align="center">
+![LDAP configuration](images/ldap-config.png)
+</DIV>
+
+
+### Kerberos Server configuration
+
+### Other configuration
+
+There is one more thing that you need to configure : your domain name (here, _EXAMPLE.COM_) has to be reachable on your machine. Either you define in on a **DNS** server, or you can also add it in your _/etc/hosts_ file.
+
+Here is a way to add it on a local host :
+
+ :::
+ ...
+ 127.0.0.1 localhost EXAMPLE.COM
+ ...
+
+<DIV class="warning" markdown="1">
+It's largely preferable to declare the server in a DNS.
+</DIV>
## LDAP Hierarchy
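Review bot: The _SASL principal_ bullet gives **ldap/EXAMPLE.COM@EXAMPLE.COM**, but the info box in the last hunk of this file says the part after '/' is **localhost** for the **ldap** service; the principal configured here and the _krb5PrincipalName_ of the ldap service entry should be the same string, so one of the two needs correcting. The same list uses EXAMPLE.COM both as the host name (_SASL host_) and as the realm, which makes it hard for a reader to tell which value goes where; a distinct host name in the example would help. Smaller points in this hunk: the "### Kerberos Server configuration" heading is added with no body and is followed directly by "### Other configuration", "Either you define in on a **DNS** server" should read "define it on", and the hosts-file block opens with a bare ":::" where the later block in the file uses ":::text".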
@@ -113,7 +156,7 @@ The import thing is the _krb5PrincipalNa
Once the user has been injected, we can see that the server has created some krb5Key attributes :
:::text
- dn: uid=hnelson,ou=users,dc=security,dc=example,dc=com
+ dn: uid=hnelson,ou=users,dc=security,dc=example,dc=com
objectClass: top
objectClass: krb5KDCEntry
objectClass: inetOrgPerson
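Review bot: The removed and added "dn: uid=hnelson,..." lines differ only in leading whitespace, so please confirm the new indentation matches the "objectClass:" lines that follow, otherwise the dn line will fall outside the ":::text" block when rendered. While touching this area, the sentence shown in the hunk header, "The import thing is the _krb5PrincipalNa...", looks like it should say "important".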
@@ -180,10 +223,10 @@ Here is the associated LDIF file :
<DIV class="info" markdown="1">
Three important things :
- * the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key.
- * the _krb5PrincipalName_ has one more information, after the '/' character : _EXAMPLE.COM_ for the **krbtgt** service, and **localhost** for the **ldap** service.
+ - the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key.
+ - the _krb5PrincipalName_ has one more information, after the '/' character : _EXAMPLE.COM_ for the **krbtgt** service, and **localhost** for the **ldap** service.
</DIV>
-Again, once those entries have been injected in the LDAP server, the krb5Key attributeTypes will be created
+Again, once those entries have been injected in the LDAP server, the _krb5Key_ attributeTypes will be created
##
\ No newline at end of file
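Review bot: The info box still announces "Three important things :" but the list under it has only two items, both before and after the bullet change; either add the third item or change the count. The first bullet also reads "based on a know password, they will use a random key", which should be "a known password" with a consistent subject. The bullet marker moves from " * " to " - " here while the lists added in the first hunk use " * ", so pick one style for the file. The file still ends on an empty "##" heading with no trailing newline, which should be completed or dropped.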
Added: directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png?rev=1446721&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png?rev=1446721&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png?rev=1446721&view=auto
==============================================================================
Binary file - no diff available.
Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream