Installing OpenLdap + Heimdal Kerberos on Debian Stretch with Multiple Realm
Setting-up OpenLdap
apt install slapd
- Define the admin password
Run dpkg-reconfigure slapd et make initial config. Choose MDB as backend
In the following, we suppose you have the root dn of your db in ROOTDN. So if you choose example.com as domain in the previous set, set export ROOTDN="dc=example,dc=com"
- Disable anonymous binds et require authentication
cat <<'EOF' | ldapadd -Y EXTERNAL -H ldapi:/// dn: cn=config changetype: modify add: olcDisallows olcDisallows: bind_anon dn: cn=config changetype: modify add: olcRequires olcRequires: authc dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcRequires olcRequires: authc dn: olcDatabase={1}mdb,cn=config changetype: modify add: olcRequires olcRequires: authc EOF
Optionally set a password to access cn=config (I use Apache Directory Studio)
PASSWORD=$(slappasswd -c '$6$rounds=100001$%.16s') cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:/// dn: olcDatabase={0}config,cn=config changetype: modify replace: olcRootPW olcRootPW: $PASSWORD EOF unset PASSWORD