Hello,
I tried to use ApacheDS 1.0.2 for Kerberos Service now.
Trying to use this documentation:
http://directory.apache.org/apacheds/1.0/kerberos-protocol-configuration.html
The after part does not work:
--- SNIP ---
ERROR [org.apache.directory.daemon.Bootstrapper] - Failed on
org.apache.directory.server.Service.init(InstallationLayout, String[])
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'kdcConfiguration' defined in URL
[file:/C:/Programme/apacheds-1.0.2/conf/server.xml]: Error setting property
values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid property
'enabled' of bean class
[org.apache.directory.server.kerberos.kdc.KdcConfiguration]: Bean property
'enabled' is not writable or has an invalid setter method: Does the parameter
type of the setter match the return type of the getter?
org.springframework.beans.NotWritablePropertyException: Invalid property
'enabled' of bean class
[org.apache.directory.server.kerberos.kdc.KdcConfiguration]: Bean property
'enabled' is not writable or has an invalid setter method: Does the parameter
type of the setter match the return type of the getter?
--- SNAP ---
So I uncomment the two kdc lines in server.xml:
--- SNIP ---
<beans>
<bean id="environment"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="properties">
<props>
<prop key="java.naming.security.authentication">simple</prop>
<prop key="java.naming.security.principal">uid=admin,ou=system</prop>
<prop key="java.naming.security.credentials">secret</prop>
<prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
<prop key="kdc.java.naming.security.credentials">secret</prop>
<!--<prop
key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>-->
--- SNAP ---
And uncomment these lines for loading LDIF files on startup:
--- SNIP ---
<property name="ldifDirectory">
<value>../ldif</value>
</property>
<property name="ldifFilters">
<list>
<bean
class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
</list>
</property>
--- SNAP ---
Using LDIF from
http://thejavamonkey.blogspot.com/2008/07/using-apache-directory-server-as-kdc.html
With these additional lines:
--- SNIP ---
# Users store
dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users
--- SNAP ---
But no Kerberos is running.
I got all open ports with "netstat -a -n -b":
--- SNIP ---
Proto Locale address remote address Status
TCP 0.0.0.0:10389 0.0.0.0:0 ABHÖREN
[apacheds.exe]
TCP 127.0.0.1:30003 0.0.0.0:0 ABHÖREN
[apacheds.exe]
TCP 127.0.0.1:1075 127.0.0.1:1076 HERGESTELLT
[apacheds.exe]
TCP 127.0.0.1:1076 127.0.0.1:1075 HERGESTELLT
[apacheds.exe]
TCP 127.0.0.1:1083 127.0.0.1:1084 HERGESTELLT
[apacheds.exe]
TCP 127.0.0.1:1084 127.0.0.1:1083 HERGESTELLT
[apacheds.exe]
--- SNAP ---
30003 is the shutdown port according to
http://mail-archives.apache.org/mod_mbox/directory-commits/200601.mbox/[EMAIL PROTECTED]
--- SNIP ---
shutdownPort = AvailablePortFinder.getNextAvailable( 30003 );
--- SNAP ---
10389 is the LDAP port.
Any idea?
With regards,
Michael Decker
--
Michael Decker
mobileX AG Tel.: 089 / 54 24 33 - 14
Rottmannstr. 11 Fax: 089 / 54 24 33 - 55
80333 München Web: http://www.mobilexag.de
Registration court: Amtsgericht München
Commercial register no.: HRB 134850
Executive board: Hannes Heckner
Chairman of the supervisory board: Karl-Heinz Horrer
-----Original Message-----
From: Michael Decker
Sent: Wednesday, 3 September 2008 15:31
To: [email protected]
Subject: [ApacheDS] How to setup as kerberos server
Hello,
I want to develop an application using Kerberos for SSO.
So I thought it would be nice to use ApacheDS for this job, because it's a
smaller system and could be versioned by SVN.
This howto draft is out of date:
http://cwiki.apache.org/DIRxSBOX/draft-apacheds-kerberos-principal-configuration.html
What do I have to configure instead of these lines?
--- SNIP ---
<bean id="kdcConfiguration"
class="org.apache.directory.server.kerberos.kdc.KdcConfiguration">
<!-- Whether to enable the Kerberos protocol. -->
<property name="enabled" value="true" />
<!-- The port to run the Kerberos protocol on. -->
<property name="ipPort" value="88" />
</bean>
--- SNAP ---
<bean
class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
<property name="name" value="keyDerivationService" />
<property name="interceptor">
<bean
class="org.apache.directory.server.core.kerberos.KeyDerivationService" />
</property>
</bean>
--- SNIP ---
Thanks a lot.
With regards,
Michael Decker