In this section, we will discuss how to integrate LDAP with Kerberos on Ubuntu Server. First, add the LDAP admin and the LDAP server principal to the Kerberos server with kadmin:
kadmin -p kradmin
Inside kadmin, execute the following commands:
kadmin: addprinc [email protected]
kadmin: addprinc -randkey ldap/server.myubuntu.com
kadmin: ktadd -k /etc/ldap/ldap.keytab ldap/server.myubuntu.com
The first command creates the LDAP admin principal, and kadmin will prompt you for its password. The second creates the LDAP service principal with a random key, and the third writes that key to a separate keytab at /etc/ldap/ldap.keytab, so that the LDAP service key is kept apart from the system-wide keytab. Then, change the file permissions and owner so that the openldap user owns this keytab:
chown openldap:openldap /etc/ldap/ldap.keytab
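The keytab holds the long-term key of the ldap/ service principal, so it should be readable only by the service account that slapd runs as. The following script is an added example (it is not from the book) that hardens a keytab in the way described above and verifies the result; the path and owner are parameters, and it assumes a find that supports -user and -perm, as GNU and BSD find do.

```shell
#!/bin/sh
# Added example: check and set ownership/mode of a service keytab.
# keytab_is_private FILE OWNER -> returns 0 only if FILE is a regular
# file owned by OWNER with mode exactly 0600 (no group/other access).
keytab_is_private() {
    f=$1
    owner=$2
    [ -f "$f" ] || return 1
    # find prints the path only when every predicate matches,
    # so a non-empty result means owner and mode are both right.
    [ -n "$(find "$f" -user "$owner" -perm 600 2>/dev/null)" ]
}

# harden_keytab FILE OWNER -> set owner and mode as the text does,
# then re-check so a failed chown/chmod is not silently accepted.
harden_keytab() {
    f=$1
    owner=$2
    chown "$owner:$owner" "$f" && chmod 600 "$f" && keytab_is_private "$f" "$owner"
}

# Usage with the path and service account from the text (run as root):
#   harden_keytab /etc/ldap/ldap.keytab openldap && echo "keytab OK"
```

Running keytab_is_private as a post-deployment check catches the common mistake of a keytab left world-readable by ktadd or by a later copy.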
Ensure that the slapd process is looking for the right keytab, and add this line to the /etc/default/slapd...