You need:
1) java on your path, to run 'ldapbrowser' and 'apacheds-osgi'.
2) Disable any conflicting services, i.e. anything running on your computer that ApacheDS also provides: NTP, MIT Kerberos, OpenLDAP, BIND DNS, etc. You likely have at least NTP running. Worst case you'll get a bind error and a stacktrace from Java/Felix/ApacheDS.
# service ntpd stop
3) Run 'apacheds'. This should bring up the Felix console with our various bundles loaded.
# cd apacheds-osgi/
# ./apacheds.sh
4) Run 'ldapbrowser' from the command-line or you can probably double-click it. It's a Java Swing app.
# cd ldapbrowser/
# ./lbe.sh &
In the ldapbrowser, there are two sessions configured for you. Select 'localhost-system' to get the system partition, where sensitive system config info is, or select 'localhost-example' to get to the "example.com" partition where user data is.
5) To test NTP you can use 'ntpdate':
# ntpdate -u localhost
14 May 10:57:15 ntpdate[602]: adjust time server 127.0.0.1 offset -0.000259 sec
6) To test DNS you can use 'dig'. You're looking for the IP address of 'www.example.com' to come back as '192.168.0.1'. If you navigate in the 'ldapbrowser' to:
cn=A,dc=www,dc=example,dc=com,dc=example,dc=com
... you can see where to change this IP address.
# dig @localhost www.example.com A

; <<>> DiG 9.3.2 <<>> @localhost www.example.com A
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40709
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        86400   IN      A       192.168.0.1

;; Query time: 64 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 14 10:57:57 2006
;; MSG SIZE  rcvd: 64
7) Place the 'krb5.conf' shown at the end of these notes in '/etc', overwriting any existing file there.
To run the gnome-kerberos app you likely need krb5 libs installed:
# rpm -qa | grep krb
krb5-libs-1.4.3-4.1
pam_krb5-2.2.6-2.2
krb5-workstation-1.4.3-4.1
If not, you can use the 'kinit' that ships with Java.
You can use the gnome-kerberos app or the command line 'kinit' to get a Kerberos ticket for the 'akarasulu@EXAMPLE.COM' user with password 'maxwell'.
# kinit -f akarasulu@EXAMPLE.COM
Password for akarasulu@EXAMPLE.COM: maxwell
[root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: akarasulu@EXAMPLE.COM

Valid starting     Expires            Service principal
05/14/06 10:54:24  05/15/06 10:54:22  krbtgt/EXAMPLE.COM@EXAMPLE.COM
8) Change Password also works, but the setup is more involved, and password policy enforcement is in place, so a new password has to satisfy the policy. The gnome-kerberos client can perform the password change.
The 'krb5.conf' referred to in step 7:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 preferred_enctypes = des-cbc-md5
 permitted_enctypes = des-cbc-md5

[realms]
 EXAMPLE.COM = {
  kdc = localhost:88
  kpasswd_server = localhost:464
  default_domain = example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
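An added example, not part of the ApacheDS demo: a small parser for the krb5.conf profile format above and an audit of the settings this walkthrough depends on (the realm's kdc and kpasswd_server entries, and the enctypes). The single-DES list it flags is this example's own assumption; MIT Kerberos disables those types unless allow_weak_crypto is set, and recent releases have removed them, so a client built today will not get a ticket with this file as written.

```python
# Single-DES enctypes (assumed weak list) that modern Kerberos clients reject.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

# Excerpt of the krb5.conf from the notes above, used as constructed input.
SAMPLE_KRB5_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM
 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 preferred_enctypes = des-cbc-md5
 permitted_enctypes = des-cbc-md5
[realms]
 EXAMPLE.COM = {
  kdc = localhost:88
  kpasswd_server = localhost:464
 }
"""

def parse_krb5_conf(text):
    """Return {section: {key: value | nested dict}}; '{' opens a nested relation."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            stack = [conf.setdefault(line[1:-1], {})]   # new top-level section
        elif line == "}":
            stack.pop()                           # close the nested relation
        else:
            key, _, value = (s.strip() for s in line.partition("="))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value
    return conf

def audit(conf):
    """Return (severity, message) findings for the settings the demo relies on."""
    findings, lib = [], conf.get("libdefaults", {})
    for key in ("default_tgs_enctypes", "default_tkt_enctypes",
                "preferred_enctypes", "permitted_enctypes"):
        weak = [e for e in lib.get(key, "").split() if e in WEAK_ENCTYPES]
        if weak:
            findings.append(("high", f"{key} permits single-DES: {' '.join(weak)}"))
    realm = lib.get("default_realm", "")
    for key in ("kdc", "kpasswd_server"):        # needed for kinit and Change Password
        if key not in conf.get("realms", {}).get(realm, {}):
            findings.append(("medium", f"realm {realm!r} has no {key} entry"))
    return findings
```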