Hello,
I recently added Kerberos authentication to my LDAP server: an OpenLDAP provider
server and an MIT Kerberos master KDC on the same host, with Kerberos using LDAP
as its back-end database, and I am trying to connect the other servers to
it. After doing this, simple binding is no longer applicable as it used to be
before. I found that the webauthldap module can help with that, but I still can't get it
to work!
Here is my configuration, which was working before the integration; my source
is "http://wiki.davical.org/w/Configuration/LDAP#Kerberos_Authentication":

    $c->authenticate_hook['config'] = array(
        'host' => 'ldap.domain.com',                   // host name of your LDAP server
        'port' => '389',                               // port
        'bindDN' => 'cn=admin,dc=domain,dc=com',       // DN to bind request to this server (if required)
        'passDN' => 'password',                        // password of request bind
        'baseDNUsers' => 'ou=People,dc=domain,dc=com', // where to look for valid users
        'filterUsers' => 'objectClass=*',              // filter which must validate a user according to RFC4515, i.e. surrounded by brackets
        'protocolVersion' => 3,                        // important for simple auth (no SASL)
        'startTLS' => true,                            // securing your LDAP connection
        'i_use_mode_kerberos' => "i_know_what_i_am_doing",
    );

Anyway, I am now trying to do the binding via Apache using webauthldap, and here
is my configuration:

    WebAuthLdapHost ldap.domain.com
    WebAuthLdapBase ou=people,dc=domain,dc=com
    WebAuthLdapAuthorizationAttribute uid
    #WebAuthLdapKeytab /etc/webauth/keytab
    WebAuthLdapKeytab /etc/apache2/webauth.keytab
    WebAuthLdapTktCache /var/lib/webauth/krb5cc_ldap
    WebAuthLdapSSL off
    WebAuthLdapDebug On

I also created a Kerberos principal for this, webauth/calendar.domain.com, and attached
a keytab to it: /etc/apache2/webauth.keytab
But it looks like something is still missing in this cycle to get it to work! Can anyone see the
problem here?
Thanks.