Updating Kerberos LDAP Extension Information

You can update the ldapExtensionInfo attribute on the LDAP server object using the kdb5_util utility as follows:

kdb5_util [-D user_dn [-w passwd]] [-h ldap_server] [-p ldap_port] [-t trusted_cert] ldapxtn_info -add|-clear [-t trusted_cert]

For example:

kdb5_util -D cn=admin,o=org -h ldap-server1.mit.edu -p 636 ldapxtn_info -add


Table 34. ldapxtn_info Parameter Description

Parameter   Description

-D          Distinguished name of the user who has sufficient rights to authenticate to the LDAP server.

-w          Specifies the password for user_dn. Supplying the password on the command line is not recommended.

-h          Host name or IP address of the server hosting the LDAP service for a Kerberos realm.

-p          SSL port number of the LDAP server.

-t          Specifies the name of the file that contains the Trusted Root Certificate of the LDAP server.

-add        Adds Kerberos LDAP extension information (OIDs for Kerberos LDAP Extensions) to ldapExtensionInfo on the LDAP server object.

-clear      Removes Kerberos LDAP extension information (OIDs for Kerberos LDAP Extensions) from ldapExtensionInfo on the LDAP server object.