Exacq exacqVision Server/Client OS: Windows OpenLDAP User Manual User Manual

Windows Server & Client and OpenLDAP/Kerberos

www.e

x

acq.com

+1.317.845.5710
+44.1438.310163

USA (Corporate Headquarters)
Europe/Middle East/Asia

Page 1 of 3

12/1/2011

1

Configuration

The following process allows you to configure exacqVision permissions and privileges for accounts that exist on an
OpenLDAP/Kerberos server:

1. On the OpenLDAP/Kerberos server, ensure that your installed schema includes the following object types:



inetOrgPerson (RFC 2798)



organization (RFC 2256)



krbPrincipalAux (provided by the Ubuntu krb5-kdc-ldap package)

2. On the OpenLDAP/Kerberos server, ensure that your user accounts exist as inetOrgPerson objects, and that each account is

also marked with the krbPrincipalAux auxiliary object type. Ensure that each user account has the following attribute
values:



cn -- the user account's display name (for example, "John Smith").



krbPrincipalName -- the user account's Kerberos principal name (for example, "john.smith@REALM").



entryUUID -- the unique identifier for the user account, managed by the slapd daemon

3. On the OpenLDAP/Kerberos server, ensure that your user groups exist as organization objects and that each group has the

following attribute values:



o -- the group's display name (for example, "Marketing")



entryUUID -- the unique identifier for the group, managed by the slapd daemon

4. On the OpenLDAP/Kerberos server, ensure that your user accounts are associated with groups via an "o" attribute for each

group. Each inetOrgPerson object can have as many associated "o" attribute values as desired. The attribute value should
resemble "o=Engineers", for example, instead of "o=Engineers,dc=exacq,dc=test,dc=com."

5. Make sure the OpenLDAP/Kerberos server’s fully qualified host name can be resolved. To do this, open a command prompt,

ping the fully qualified host name, and look for a reply.

6. Make sure you have access to the ksetup command by completing the following steps:

A. For Windows XP, install the Windows XP Service Pack 2 Support Tools, available from Microsoft; for Windows

Vista, find and install the equivalent package. When installing Support Tools, select a "complete" install. After
installation, log out of Windows and then log in again.

NOTE: Other recent Windows versions, such as Windows 7 and Windows Server 2003, already include the ksetup
command.

B. Open a command prompt and verify that you can execute the ksetup command.