
Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
Chapter 676
directory_server This line indicates a space
separated list of LDAP Servers.
Example: fox.bambi.com:389
base_dn_for_search This line indicates the default
base DN for search is the root of
the directory tree on the Directory
server, where the Kerberos server
searches for kerberos principals.
Example: ou=People,
default_princ_subtree The default principal subtree DN
is where all Kerberos principals
are added by default, if no LDAP
entry is specified while creating
the kerberos principal. The
default principal subtree DN must
be located under the default base
DN for search functionality.
Example: ou=people,
security_mech This line specifies the security
mechanism used to connect to the
LDAP server. Currently, the
supported mechanisms are
Password and Secure Sockets
Layer (SSL).
default_object_template This line specifies the structural
class, which is added by default.
Example: posixaccount
Table 6-2 krb5_ldap.conf File Format (Continued)
Parameter Description