Posted to commits@directory.apache.org by el...@apache.org on 2013/02/15 19:42:55 UTC

svn commit: r1446721 - in /directory/site/trunk/content/apacheds/kerberos-ug: 4.2-authenticate-studio.mdtext images/enable-kerberos.png images/ldap-config.png images/open-config.png

Author: elecharny
Date: Fri Feb 15 18:42:55 2013
New Revision: 1446721

URL: http://svn.apache.org/r1446721
Log:
Added some more content

Added:
    directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png   (with props)
    directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png   (with props)
    directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png   (with props)
Modified:
    directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext

Modified: directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext?rev=1446721&r1=1446720&r2=1446721&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext (original)
+++ directory/site/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.mdtext Fri Feb 15 18:42:55 2013
@@ -42,6 +42,49 @@ and :
 ![authentication](images/authentication.png)
 </DIV>
 
+Once connected, right click on the connection :
+
+<DIV align="center">
+![Open Configuration](images/open-config.png)
+</DIV>
+
+On the **Overview** tab, check the **Enable Kerberos Server** box :
+
+<DIV align="center">
+![Enable Kerberos Server](images/enable-kerberos.png)
+</DIV>
+
+### LDAP Server configuration
+
+There are a few parameters that are to be set in the **LDAP** configuration :
+
+    * The _SASL host_ must be the local server name (here, EXAMPLE.COM)
+    * The _SASL principal_ is **ldap/EXAMPLE.COM@EXAMPLE.COM**
+    * The _Search Base DN_ should point to the place under which we store users and services (_dc=security,dc=example,dc=com_)
+
+Here is a snapshot of this configuration :
+
+<DIV align="center">
+![LDAP configuration](images/ldap-config.png)
+</DIV>
+
+
+### Kerberos Server configuration
+
+### Other configuration
+
+There is one more thing that you need to configure : your domain name (here, _EXAMPLE.COM_) has to be reachable on your machine. Either you define in on a **DNS** server, or you can also add it in your _/etc/hosts_ file.
+
+Here is a way to add it on a local host :
+
+    :::
+    ...
+    127.0.0.1 localhost EXAMPLE.COM
+    ...
+
+<DIV class="warning" markdown="1">
+It's largely preferable to declare the server in a DNS.
+</DIV>
 
 ## LDAP Hierarchy
 
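Review bot: The _SASL principal_ bullet gives ldap/EXAMPLE.COM@EXAMPLE.COM, but the info box further down in this file (unchanged context of the last hunk) says the part after the '/' is **localhost** for the **ldap** service; one of the two should be changed so the guide uses a single ldap principal throughout. The new "### Kerberos Server configuration" heading has no body and is followed directly by "### Other configuration"; either add the content or leave the heading out until it exists. In the "Other configuration" paragraph, "Either you define in on a DNS server" should read "define it", and the hosts example opens with a bare ":::" where the other block in this file uses ":::text".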
@@ -113,7 +156,7 @@ The import thing is the _krb5PrincipalNa
 Once the user has been injected, we can see that the server has created some krb5Key attributes :
 
     :::text
-   dn: uid=hnelson,ou=users,dc=security,dc=example,dc=com
+    dn: uid=hnelson,ou=users,dc=security,dc=example,dc=com
     objectClass: top
     objectClass: krb5KDCEntry
     objectClass: inetOrgPerson
@@ -180,10 +223,10 @@ Here is the associated LDIF file :
 <DIV class="info" markdown="1">
 Three important things :
 
-    * the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key.
-    * the _krb5PrincipalName_ has one more information, after the '/' character : _EXAMPLE.COM_ for the **krbtgt** service, and **localhost** for the **ldap** service.
+    - the userPassword is 'randomkey'. The key won't be generated based on a know password, they will use a random key.
+    - the _krb5PrincipalName_ has one more information, after the '/' character : _EXAMPLE.COM_ for the **krbtgt** service, and **localhost** for the **ldap** service.
 </DIV>
 
-Again, once those entries have been injected in the LDAP server, the krb5Key attributeTypes will be created
+Again, once those entries have been injected in the LDAP server, the _krb5Key_ attributeTypes will be created
 
 ## 
\ No newline at end of file
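Review bot: The info box still announces "Three important things :" while only two bullets follow it, so either the sentence should say two or the third item is missing. Changing the marker from "*" to "-" leaves the items indented four spaces after a blank line, which Markdown treats as a code block, so the _krb5PrincipalName_ and **krbtgt** markup will probably show literally; dropping the indentation would fix it. In the first bullet "a know password" should be "a known password", and the file still ends on an empty "## " heading with no trailing newline.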

Added: directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png?rev=1446721&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/enable-kerberos.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png?rev=1446721&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/ldap-config.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png?rev=1446721&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/site/trunk/content/apacheds/kerberos-ug/images/open-config.png
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream