Installing OpenLdap + Heimdal Kerberos on Debian Stretch with Multiple Realm
Setting-up OpenLdap
apt install slapd
- Define the admin password
Run dpkg-reconfigure slapd et make initial config. Choose MDB as backend
In the following, we suppose you have the root dn of your db in ROOTDN. So if you choose example.com as domain in the previous set, set export ROOTDN="dc=example,dc=com"
- Disable anonymous binds et require authentication
cat <<'EOF' | ldapadd -Y EXTERNAL -H ldapi:///
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon
dn: cn=config
changetype: modify
add: olcRequires
olcRequires: authc
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcRequires
olcRequires: authc
EOFOptionally set a password to access cn=config (I use Apache Directory Studio)
PASSWORD=$(slappasswd -c '$6$rounds=100001$%.16s')
cat <<EOF | ldapmodify -Y EXTERNAL -H ldapi:///
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $PASSWORD
EOF
unset PASSWORD