LDAP backend - help needed...

Tue May 8 09:49:19 EDT 2012

Am 07.05.2012 17:38, schrieb Berthold Cogel:
> Hello!
> 
> I'm trying to get kerberos running with an LDAP backend.
> 
> System is RHEL 5.8 with krb5 1.6.1-70.el5 packages.
> 

Just for the book:

I can start krb5kdc and with lsof I can see that it is at least trying
to use LDAP (using ldaps at the moment):

[root at hydra krb5kdc]# lsof|grep krb5kdc|grep ldap
krb5kdc   32172      root  mem       REG        8,1    240584     459031
/usr/lib/libldap-2.3.so.0.2.31
krb5kdc   32172      root  mem       REG        8,1      4544     570170
/usr/lib/krb5/plugins/kdb/kldap.so
krb5kdc   32172      root  mem       REG        8,1     99348     457852
/usr/lib/libkdb_ldap.so.1.0
krb5kdc   32172      root    4u     IPv4   59169962       0t0        TCP
hydra.rrz.uni-koeln.de:36123->hydra.rrz.uni-koeln.de:ldaps (CLOSE_WAIT)
krb5kdc   32172      root    5u     IPv4   59169964       0t0        TCP
hydra.rrz.uni-koeln.de:36124->hydra.rrz.uni-koeln.de:ldaps (CLOSE_WAIT)
krb5kdc   32172      root    6u     IPv4   59169966       0t0        TCP
hydra.rrz.uni-koeln.de:36125->hydra.rrz.uni-koeln.de:ldaps (CLOSE_WAIT)
krb5kdc   32172      root    7u     IPv4   59169968       0t0        TCP
hydra.rrz.uni-koeln.de:36126->hydra.rrz.uni-koeln.de:ldaps (CLOSE_WAIT)
krb5kdc   32172      root    8u     IPv4   59169970       0t0        TCP
hydra.rrz.uni-koeln.de:36127->hydra.rrz.uni-koeln.de:ldaps (CLOSE_WAIT)

But I can not start kadmind:

[root at hydra krb5kdc]# service kadmin start
Starting Kerberos 5 Admin Server: kadmind: Invalid argument while
initializing, aborting
                                                           [FAILED]

and in /var/log/messages:

May  8 15:43:55 hydra kadmind[1020]: Invalid argument while
initializing, aborting