search for: kerberosprincipals

Good afternoon. I'm configuring dovecot to authenticate users against a samba server running as an active directory domain controller. I followed the instructions as stated in the page https://wiki.dovecot.org/Authentication/Kerberos and considering the sentence that states [...]The Kerberos authentication mechanism doesn't require having a passdb, but you do need a userdb[...] I

...logon home = \\cannibal\%U bind interfaces only = yes interfaces = eth0, lo hosts allow = 10.10.10. 127. wins support = yes dns proxy = yes passdb backend = ldapsam:ldaps://cannibal.example.com/ ldap admin dn = cn=ldapmaster/admin@EXAMPLE.COM,ou=KerberosPrincipals,dc=example,dc=com ldap suffix = dc=hogwarth,dc=edu ldap group suffix = ou=groups ldap user suffix = ou=KerberosPrincipals ldap machine suffix = ou=computers ldap idmap suffix = sambaDomainName=EXAMPLE ldap ssl = On ldap delete dn = Yes...

Is it possible to override the provider parameter when describing a user? My Ruby skills are quite limited, but it appears that provider is always chosen based on the operating system. I would like to build a user provider that will be almost identical to the objectadd one, but uses cpu[1] to add users and groups to an ldap directory. Since the cpu commands basically mirror the native

...e database. Heimdal will pick up the Samba LDAP entries if they are in the same search space as the Kerberos entries." There is absolutely no further documentation. I tried with this tree: dc=mycnc,dc=com ou=People,dc=mycnc,dc=com heimdal is configured to use ou=people (I also tried with ou=KerberosPrincipals), where I already have some entries. My goal is to use only one password to avoid the sambaNTPassword/userPassword/kerberos mess (three passwords). I was under the impression that this setup should get me that. If I add a principal with a name that is already in ou=people as a posix and samba acc...