Problem configuring LDAP backend
Braden McDaniel
braden at endoframe.com
Mon Apr 9 23:32:52 EDT 2012
I am trying to use OpenLDAP to store the Kerberos database. I'm using
1.9.3 on Fedora 16. My /etc/krb5.conf looks like this:
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = yes
    default_realm = ENDOFRAME.NET

[realms]
    ENDOFRAME.NET = {
        kdc = kerberos.endoframe.net
        admin_server = kerberos.endoframe.net
        default_domain = endoframe.net
        database_module = openldap_ldapconf
    }

[domain_realm]
    endoframe.net = ENDOFRAME.NET
    .endoframe.net = ENDOFRAME.NET

[dbdefaults]
    ldap_kerberos_container_dn = dc=endoframe,dc=net

[dbmodules]
    openldap_ldapconf {
        db_library = kldap
        ldap_kdc_dn = "cn=Manager,dc=endoframe,dc=net"
        ldap_kadmind_dn = "cn=Manager,dc=endoframe,dc=net"
        ldap_service_password_file = /var/kerberos/krb5kdc/service.keyfile
    }
When I try to run kdb5_ldap_util, it complains of an error in the file:
# kdb5_ldap_util -D cn=Manager,dc=endoframe,dc=net create -subtrees dc=endoframe,dc=net -r ENDOFRAME.NET -s -H ldap://ldap.endoframe.net
kdb5_ldap_util: Improper format of Kerberos configuration file while initializing Kerberos code
One thing I am very likely doing wrong is the
ldap_service_password_file. What is the format of this file supposed to
be? Am I correct in my impression that my LDAP RootPW is what goes into
this file?
--
Braden McDaniel <braden at endoframe.com>