ldap database error when creating initial stash

Todd Grayson tgrayson at cloudera.com
Thu Jun 30 10:06:14 EDT 2016


Michael, I apologize but I'm not familiar with that kind of formatting for
the kerberos.schema file... the one I'm looking at looks like this
(segment).

What linux distro/versions are you working over?

That almost looks like the kind of format you would see converting the
.schema to .ldif or something?

Not being able to parse the schema file is what I was pointing out for that
error...

--- snip of kerberos.schema as provided in ubuntu ---

attributetype ( 2.16.840.1.113719.1.301.4.1.1
                NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

...
...

objectclass ( 2.16.840.1.113719.1.301.6.16.1
                NAME 'krbTicketPolicyAux'
                SUP top
                AUXILIARY
                MAY ( krbTicketFlags $ krbMaxTicketLife $
                      krbMaxRenewableAge ) )


On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge <
michael.aldridge at utdallas.edu> wrote:

> While I have not done an in depth comparison, my schema would appear to
> just be a re-formatted version of the schema provided in the source
> tree.  I believe I originally obtained it from an ubuntu release
> slightly more than a year ago.  What is striking here is that this all
> worked less than a month ago on my test platform.
>
> For the curious, here is the schema I'm using:
>
> https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif
>
> --Michael
>
> On 06/30/2016 01:25 AM, Todd Grayson wrote:
> > Got schema issues?  Perhaps?
> >
> > http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201
> >
> > Magic google phrase:
> >
> > openldap kerberos schema "Unable to find requested database type"
> >
> > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge
> > <michael.aldridge at utdallas.edu> wrote:
> >
> >     Greetings,
> >
> >     I hope I am emailing the correct list and if I am not then please
> >     accept my apology.  I am in the process of standing up a pair of
> >     KDCs and I am encountering this error when attempting to create the
> >     initial password stash for accessing the ldap server that backs the
> >     kerberos database:
> >
> >     kdb5_ldap_util: Unable to find requested database type while setting up lib handle
> >
> >     The command I ran to get that error message is:
> >
> >     sudo kdb5_ldap_util -D "cn=krbAdmService,dc=collegiumv,dc=org" stashsrvpw -f /var/krb5kdc/ldap.keyfile "cn=krbAdmService,dc=collegiumv,dc=org"
> >
> >     I have used my best google-fu but still come up empty.  I can see
> >     several people who seem to have had the same issue, but I cannot
> >     find a solution.  I appreciate any insight to this error.
> >
> >     --Michael
> >
> >     --
> >     Michael Aldridge
> >     Network Administrator
> >     Collegium V Honors College
> >     The University of Texas at Dallas
> >     ________________________________________________
> >     Kerberos mailing list           Kerberos at mit.edu
> >     https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
> >
> >
> > --
> > Todd Grayson
> > Business Operations Manager
> > Customer Operations Engineering
> > Security SME
> >
>



-- 
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
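
Added example, not part of the original message or of the OpenLDAP or MIT Kerberos tooling: the two schema formats compared in this thread, shown by a Python converter that rewrites slapd.conf-style attributetype / objectclass definitions into a cn=config LDIF entry. The function names, the entry name "kerberos" and the sample input (constructed from the snippet quoted above) are assumptions; it handles only those two directives and does not account for parentheses inside quoted strings.

```python
import re

# Constructed sample input: the two definitions quoted in the message above.
SAMPLE_SCHEMA = """\
attributetype ( 2.16.840.1.113719.1.301.4.1.1
                NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

objectclass ( 2.16.840.1.113719.1.301.6.16.1
                NAME 'krbTicketPolicyAux'
                SUP top
                AUXILIARY
                MAY ( krbTicketFlags $ krbMaxTicketLife $
                      krbMaxRenewableAge ) )
"""

# slapd.conf directive -> cn=config attribute that carries the same definition
DIRECTIVES = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}

def parse_definitions(text):
    """Return [(directive, one-line definition)]; indented lines continue a directive."""
    defs = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                                  # blank line or comment
        if raw[0].isspace() and defs:
            defs[-1][1] += " " + raw.strip()          # continuation line
            continue
        word, rest = (raw.split(None, 1) + [""])[:2]
        if word.lower() not in DIRECTIVES:
            raise ValueError(f"unsupported directive: {word!r}")
        defs.append([word.lower(), rest])
    for d in defs:
        d[1] = re.sub(r"\s+", " ", d[1]).strip()
        if not d[1].startswith("(") or d[1].count("(") != d[1].count(")"):
            raise ValueError(f"unbalanced definition: {d[1][:40]!r}")
    return [tuple(d) for d in defs]

def schema_to_ldif(text, name):
    """Render the definitions as one cn=config schema entry (olcSchemaConfig)."""
    lines = [f"dn: cn={name},cn=schema,cn=config",
             "objectClass: olcSchemaConfig", f"cn: {name}"]
    counters = dict.fromkeys(DIRECTIVES, 0)           # {n} ordering prefix per attribute
    for word, body in parse_definitions(text):
        lines.append(f"{DIRECTIVES[word]}: {{{counters[word]}}}{body}")
        counters[word] += 1
    return "\n".join(lines) + "\n"
```

A continuation line that has lost its leading whitespace (as mail wrapping can cause) is rejected as an unsupported directive rather than silently merged.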

