Kerberos through loadbalancer

2022-05-20 Thread Stefan Kania
Hi to all, we have 4 ldap-providers ldap1.example.net to ldap4.example.net. We are securing the replication via Kerberos; everything works fine between the providers. But now we want to set up some consumers. Between the providers and the consumers a loadbalancer is located, so the consumers only conne

Re: Kerberos through loadbalancer

2022-05-20 Thread Stefan Kania
:41 Stefan Kania wrote: > Hi to all, > > we have 4 ldap-providers ldap1.example.net to ldap4.example.net. We > are securing the replication via Kerberos; everything works fine between the > providers. But now we want to set up some consumers. Between the > providers and the consumers

Re: Kerberos through loadbalancer

2022-05-27 Thread Stefan Kania
Hi Russ, On 20.05.22 at 18:45 Russ Allbery wrote: > Stefan Kania writes: > >> we have 4 ldap-providers ldap1.example.net to ldap4.example.net. We >> are securing the replication via Kerberos; everything works fine between the >> providers. But now we want to set up som

Re: kadm5.acl "e" permission

2025-02-07 Thread Stefan Kania
On 07.02.25 at 17:07 Greg Hudson wrote: On 2/7/25 08:58, Stefan Kania wrote: in the kadm5.acl the "*" or the "x" gives all permissions but not the permission to extract the principal keys; for this it is the "e" permission. Can someone please explain to me how I can e

kadm5.acl "e" permission

2025-02-07 Thread Stefan Kania
Hello, in the kadm5.acl the "*" or the "x" gives all permissions but not the permission to extract the principal keys; for this it is the "e" permission. Can someone please explain to me how I can extract the principal key if I have the "e" permission? I can't find anything that explains how to do it.

Re: spn alias

2025-03-08 Thread Stefan Kania
On 07.03.25 at 02:10 Ken Hornstein via Kerberos wrote: Unfortunately, the Cyrus SASL library used by OpenLDAP has a limitation in the GSSAPI mechanism, which is that it supports only a single service principal name(*). By default, that's ldap/, using the machine's configured FQDN. You can con

Re: spn alias

2025-03-09 Thread Stefan Kania
On 08.03.25 at 21:23 Ken Hornstein wrote: If you are using MIT Kerberos (anything 1.10 or newer) on the LDAP server, you can use the krb5.conf configuration entry "ignore_acceptor_hostname" to allow the server to match on any valid hostname. See details here: Hi Ken, that did it. Thank yo

Re: spn alias

2025-03-06 Thread Stefan Kania
We are using OpenLDAP 2.6 together with MIT Kerberos version 1.18 on Debian 12. On 06.03.25 at 17:57 Jeffrey Hutzelman wrote: What LDAP server software are you using? On Thu, Mar 6, 2025 at 11:44 AM Stefan Kania wrote: hi to all, is it po

spn alias

2025-03-06 Thread Stefan Kania
Hi to all, is it possible to set an alias for the SPN? We are still having the problem doing Kerberos authentication through a loadbalancer. We created a principal for the loadbalancer and a keytab. We then added the key to the ldap keytab file, so we are having both, the ldap key for the server

define own SRV-record

2025-02-26 Thread Stefan Kania
Hi to all, I'm having the following problem: I set up an OpenLDAP with Kerberos; now I want to add the SRV records for Kerberos, but as DNS server we MUST use a DNS server from Active Directory. So I can't add an SRV record _kerberos._tcp, because the domain controllers of the AD are keeping th