Hi Francesco,

I'm not sure if the LDAP Backend is used much, so any issues you run into are probably more likely to be bugs rather than anything else :-) Contributions welcome of course!

Colm.

On Wed, Feb 20, 2019 at 2:01 PM Kiran Ayyagari <[email protected]> wrote:

> On Wed, Feb 20, 2019 at 2:46 PM Francesco Chicchiriccò <[email protected]>
> wrote:
>
> > Hi there,
> > I would like to implement a Kerby-based KDC using LDAP as authentication
> > back-end.
> >
> > I based my code on [1] and [2] and what I have now is a KDC listening on
> > 8888 which can be queried via standard kinit / klist linux commands.
> >
> > The server is initialized as shown in [3].
> >
> > All is fine when I add a principal as follows:
> >
> >     kadmin.addPrincipal(alice, "alice");
> >     File keytabFile = new File(workDir + "/alice.keytab");
> >     kadmin.exportKeytab(keytabFile, alice);
> >
> > and then authenticate via
> >
> >     kinit alice@AD4EI
> >
> > and provide "alice" as password.
> >
> > I also notice that the user
> >
> >     uid=alice,ou=People,o=isp
> >
> > is created on LDAP, with appropriate object classes but empty password.
> >
> > When I set a password on such user on LDAP, different from "alice"
> > above, I cannot manage kinit to work.
> >
> > While looking at LdapIdentityBackend source [4], effectively, I don't
> > see any code managing user authentication, so maybe I am just doing
> > something wrong.
> >
> > Can you provide some insight? Thanks.
> >
> > Regards.
> >
> > Side note: why is the Maven artifact ldap-backend depending on Apache
> > DS? What if one wants to use Kerby with OpenLDAP, for example?
> >
> This was a very old implementation started as an example and I guess it
> wasn't updated after my last commit.
> (Also there was a plan to replace ApacheDS's kerberos component with Kerby,
> so integrating and testing with ApacheDS was the first step)
>
> But modifying the said backend implementation to use LDAP API is the way to
> support any LDAP server implementation.
>
> > [1] https://github.com/coheigea/testcases/blob/master/apache/bigdata/kerberos/src/test/java/org/apache/coheigea/bigdata/kerberos/storm/StormKerbyTest.java
> > [2] https://github.com/apache/directory-kerby/blob/trunk/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapBackendKdcTest.java
> > [3] https://paste.apache.org/ep0B
> > [4] https://github.com/apache/directory-kerby/blob/trunk/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
> >
> > --
> > Francesco Chicchiriccò
> >
> > Tirasa - Open Source Excellence
> > http://www.tirasa.net/
> >
> > Member at The Apache Software Foundation
> > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> > http://home.apache.org/~ilgrosso/
> >
>
> Kiran
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
