[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: list principals using ldap back end
From: Tom Parker <tparker () cbnco ! com>
Date: 2010-09-30 20:19:35
Message-ID: 4CA4F0D7.6030904 () cbnco ! com
[Download RAW message or body]
Hi Kevin,
One more thing I just thought of.
Check the value for sscope (Search Scope). It should be in your
Kerberos Realm Container as krbSearchScope. If this is set to 1 it will
not search your subtrees.
From the krb5_ldap_util man page:
-sscope search_scope
Specifies the scope for searching the principals under the
subtrees. The possible values are 1 or one (one level), 2 or sub
(subtrees).
You can fix this with the krb5_ldap_util modify command or by
adding/modifying this attribute in your krbRealmContainer
Tom
On 09/30/2010 03:10 PM, Kevin Longfellow wrote:
> Hi,
>
> I tried to find this in the documentation so if someone could point me in the
> right direction, I would appreciate it. I am trying to list all the kerberos
> principals created with a LDAP back end that are not in the realm container.
> Using kadmin list_principals only shows what is in the realm container. We have
> the user principals in a different cn by using -subtrees when the realm was
> created. It looks like kdb5_ldap_util might be able to do this?
>
> Thanks for any help with this.
>
> Kevin
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic