Heimdal with OpenLDAP backend: Cannot open /usr/lib/hdb_ldap.so

From: O. Hartmann <ohartman_at_zedat.fu-berlin.de>
Date: Thu, 30 Oct 2014 09:20:39 +0100
On CURRENT (FreeBSD 11.0-CURRENT #0 r273810: Wed Oct 29 07:52:22 CET
2014 amd64) a running net/openldap24-sasl-server system is installed and
running and is now about to be the database backend for
Kerberos/Heimdal. net/openldap24-sasl-server is at
openldap-sasl-server-2.4.40.

The database storage scheme of the LDAP backend is MDB, as it is highly
recommended by the vendors of OpenLDAP.

Searching for suitable manuals, I found some HowTos describing how to
set up MIT Kerberos V with an OpenLDAP backend and I started following
the instructions there. Despite the fact that http://www.h5l.org/manual
is dead(!) and no useful documentation or any kind of a hint where to
find useful documentation for Heimdal can be found, many of the MIT
Kerberos V setup instructions seem to be a dead end when using Heimdal
on FreeBSD. Most of the links on that heimdal site end up in ERROR 404!

Well, I think my objective isn't that exotic in a more advanced server
environment and I think since FreeBSD is supposed to be used in
advanced server environments this task should be well known - but
little information/documentation is available.

Nevertheless, I use the base system's heimdal implementation and I run
into a very frustrating error when trying to run "kadmin -l":

kadmin: error trying to load dynamic module /usr/lib/hdb_ldap.so:
Cannot open "/usr/lib/hdb_ldap.so"

The setup for the stanza [kdc] is

[...]
[kdc]
        database = {
                dbname=ldap:ou=kerberos,dc=server,dc=gdr
                #hdb-ldap-structural-object     = inetOrgPerson
                mkey_file = /var/heimdal/m-key
                acl_file = /var/heimdal/kadmind.acl
        }

instructions taken from http://www.padl.com/Research/Heimdal.html.

Well, it seems that FreeBSD ships with a crippled heimdal
implementation. Where is /usr/lib/hdb_ldap.so?

I'm toying around this issue for several days now and it gets more and
more frustrating, also with the perspective of having no running samba
4.1 server for the windows domain.

Can someone give me a hint where to find suitable FreeBSD docs for a
task like this? I guess since FreeBSD is considered a server OS more
than a desktop/toy OS, there must be a solution for this. FreeBSD ships
with heimdal in the base, but it seems this heimdal is broken.

P.S. Please CC me.
Received on Thu Oct 30 2014 - 07:21:27 UTC
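
Added example, not part of the original message and not Heimdal or FreeBSD code: a small check that reads the dbname from a [kdc] stanza like the one posted and reports whether the loadable backend module named in the kadmin error exists. The function names are hypothetical, the sample stanza is constructed from the post, and the hdb_<prefix>.so naming is an assumption inferred from the error message.

```python
import os
import re

# Constructed sample: the [kdc] stanza as posted in the message above.
SAMPLE_CONF = """\
[kdc]
        database = {
                dbname=ldap:ou=kerberos,dc=server,dc=gdr
                #hdb-ldap-structural-object     = inetOrgPerson
                mkey_file = /var/heimdal/m-key
                acl_file = /var/heimdal/kadmind.acl
        }
"""

def kdc_dbnames(conf_text):
    """Return every dbname value configured under the [kdc] section."""
    names, section = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        setting = re.fullmatch(r"dbname\s*=\s*(\S+)", line)
        if setting and section == "kdc":
            names.append(setting.group(1))
    return names

def backend_module(dbname, libdir="/usr/lib"):
    """Module path for a 'prefix:' dbname, or None for a plain file path.

    Assumption: the hdb_<prefix>.so naming is inferred from the error
    message in the post; backends compiled into libhdb need no module.
    """
    prefix = re.match(r"([A-Za-z0-9_-]+):", dbname)
    return os.path.join(libdir, f"hdb_{prefix.group(1)}.so") if prefix else None

def check(conf_text, libdir="/usr/lib"):
    """List (dbname, module_path, module_present) for prefixed backends."""
    result = []
    for name in kdc_dbnames(conf_text):
        module = backend_module(name, libdir)
        if module:
            result.append((name, module, os.path.isfile(module)))
    return result

if __name__ == "__main__":
    for name, module, present in check(SAMPLE_CONF):
        print(f"{name}: {module} {'found' if present else 'MISSING'}")
```
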
