Problem configuring LDAP backend

Braden McDaniel braden at endoframe.com
Mon Apr 9 23:32:52 EDT 2012


I am trying to use OpenLDAP to store the Kerberos database.  I'm using
1.9.3 on Fedora 16.  My /etc/krb5.conf looks like this:

        [logging]
         default = FILE:/var/log/krb5libs.log
         kdc = FILE:/var/log/krb5kdc.log
         admin_server = FILE:/var/log/kadmind.log
        
        [libdefaults]
         dns_lookup_realm = false
         dns_lookup_kdc = true
         ticket_lifetime = 24h
         renew_lifetime = 7d
         forwardable = yes
        
         default_realm = ENDOFRAME.NET
        [realms]
         ENDOFRAME.NET = {
          kdc = kerberos.endoframe.net
          admin_server = kerberos.endoframe.net
          default_domain = endoframe.net
          database_module = openldap_ldapconf
         }
        
        [domain_realm]
         endoframe.net = ENDOFRAME.NET
         .endoframe.net = ENDOFRAME.NET
        
        [dbdefaults]
         ldap_kerberos_container_dn = dc=endoframe,dc=net
        
        [dbmodules]
         openldap_ldapconf {
          db_library = kldap
          ldap_kdc_dn = "cn=Manager,dc=endoframe,dc=net"
          ldap_kadmind_dn = "cn=Manager,dc=endoframe,dc=net"
          ldap_service_password_file = /var/kerberos/krb5kdc/service.keyfile
         }

When I try to run kdb5_ldap_util, it complains of an error in the file:

        # kdb5_ldap_util -D cn=Manager,dc=endoframe,dc=net create -subtrees dc=endoframe,dc=net -r ENDOFRAME.NET -s -H ldap://ldap.endoframe.net
        kdb5_ldap_util: Improper format of Kerberos configuration file while initializing Kerberos code
        
One thing I am very likely doing wrong is the
ldap_service_password_file.  What is the format of this file supposed to
be?  Am I correct in my impression that my LDAP RootPW is what goes into
this file?

-- 
Braden McDaniel <braden at endoframe.com>
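
A simplified lint for the krb5 profile syntax used in the krb5.conf above, as an added example that is not part of the original post and not MIT Kerberos code: it flags relations that lack `=`, including a subsection opened as `name {` rather than `name = {`. The function name `lint_profile` and the reduced grammar are assumptions of this example; the sample is an excerpt of the posted file.

```python
import re

SECTION = re.compile(r"^\[[^\]]+\]$")

def lint_profile(text):
    """Return [(line_no, message)] for lines breaking the basic profile grammar.

    Simplified model (an assumption of this example): every non-comment line is
    a [section] header, a closing brace, or `tag = value`, where a value of `{`
    opens a subsection.
    """
    problems, depth, in_section = [], 0, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if depth == 0 and SECTION.match(line):
            in_section = True
        elif line == "}":
            if depth == 0:
                problems.append((n, "'}' without an open subsection"))
            else:
                depth -= 1
        elif not in_section:
            problems.append((n, "relation outside any [section]"))
        else:
            tag, eq, value = line.partition("=")
            if not eq:
                problems.append((n, f"missing '=' in {line!r}"))
            # Track nesting even for a malformed opener so later lines stay aligned.
            if line.endswith("{"):
                depth += 1
    if depth:
        problems.append((0, "subsection left open at end of file"))
    return problems

# Constructed sample: an excerpt of the configuration quoted in the post.
SAMPLE = """\
[realms]
 ENDOFRAME.NET = {
  kdc = kerberos.endoframe.net
  database_module = openldap_ldapconf
 }
[dbmodules]
 openldap_ldapconf {
  db_library = kldap
  ldap_kdc_dn = "cn=Manager,dc=endoframe,dc=net"
 }
"""

if __name__ == "__main__":
    for n, msg in lint_profile(SAMPLE):
        print(f"line {n}: {msg}")
```
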


