kdb5_ldap_util create fails

Greg Hudson ghudson at MIT.EDU
Sun Mar 9 12:51:17 EDT 2014


On 03/09/2014 08:20 AM, Tobias Hachmer wrote:
> If I create the first kerberos container manually [...] the
> kdb5_ldap_util from krb 1.12.1 exits with the error that the object
> has no cn like defined in schema for the krbContainer object.

> But the kdb5_ldap_util from krb 1.10.1 (Debian test machine) just
> leaves the first object as it is and initializes the Kerberos
> backend in LDAP:

Ah, yes.  As a result of some cleanup work, 1.12 always tries to
create the krbContainer object (tolerating an LDAP_ALREADY_EXISTS
error) while previous versions only create it if it can't be read.  I
wouldn't describe either behavior as a bug; they just have different
results in this corner case.

