ldap database error when creating initial stash

Michael Aldridge michael.aldridge at utdallas.edu
Thu Jun 30 11:55:23 EDT 2016


Todd,

You are correct that that is in LDIF format.  The LDAP server gets built
up by using the bare minimum to get it online, and then all the other
schemata and associated files are loaded in with the server online.

The distro is Void Linux, with Kerberos version 1.14.2.

I must admit I'm struggling to see what you are seeing.  The error text
to me sounds like it can't even find the LDAP backend, much less try to
actually talk to it.  Can you explain why you think this might be a
schema error?

--Michael

On 06/30/2016 09:06 AM, Todd Grayson wrote:
> Michael, I apologize but I'm not familiar with that kind of formatting
> for the kerberos.schema file... the one I'm looking at looks like this
> (segment).
> 
> What Linux distro/versions are you working over?
> 
> That almost looks like the kind of format you would see converting the
> .schema to .ldif or something? 
> 
> Not being able to parse the schema file is what I was pointing out for
> that error...
> 
> --- snip of kerberos.schema as provided in Ubuntu ---
> 
> attributetype ( 2.16.840.1.113719.1.301.4.1.1
>                 NAME 'krbPrincipalName'
>                 EQUALITY caseExactIA5Match
>                 SUBSTR caseExactSubstringsMatch
>                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
> 
> ...
> ...
> 
> objectclass ( 2.16.840.1.113719.1.301.6.16.1
>                 NAME 'krbTicketPolicyAux'
>                 SUP top
>                 AUXILIARY
>                 MAY ( krbTicketFlags $ krbMaxTicketLife $
>                       krbMaxRenewableAge ) )
> 
> 
> On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge
> <michael.aldridge at utdallas.edu> wrote:
> 
>     While I have not done an in-depth comparison, my schema would appear to
>     just be a re-formatted version of the schema provided in the source
>     tree.  I believe I originally obtained it from an Ubuntu release
>     slightly more than a year ago.  What is striking here is that this all
>     worked less than a month ago on my test platform.
> 
>     For the curious, here is the schema I'm using:
>     https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif
> 
>     --Michael
> 
>     On 06/30/2016 01:25 AM, Todd Grayson wrote:
>     > Got schema issues?  Perhaps?
>     >
>     > http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201
>     >
>     > Magic google phrase:
>     >
>     > openldap kerberos schema "Unable to find requested database type"
>     >
>     > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge
>     > <michael.aldridge at utdallas.edu> wrote:
>     >
>     >     Greetings,
>     >
>     >     I hope I am emailing the correct list and if I am not then please accept
>     >     my apology.  I am in the process of standing up a pair of KDCs and I am
>     >     encountering this error when attempting to create the initial password
>     >     stash for accessing the LDAP server that backs the Kerberos database:
>     >
>     >     kdb5_ldap_util: Unable to find requested database type while setting up
>     >     lib handle
>     >
>     >     The command I ran to get that error message is:
>     >
>     >     sudo kdb5_ldap_util -D "cn=krbAdmService,dc=collegiumv,dc=org"
>     >     stashsrvpw -f /var/krb5kdc/ldap.keyfile
>     >     "cn=krbAdmService,dc=collegiumv,dc=org"
>     >
>     >     I have used my best google-fu but still come up empty.  I can see
>     >     several people who seem to have had the same issue, but I cannot find a
>     >     solution.  I appreciate any insight to this error.
>     >
>     >     --Michael
>     >
>     >     --
>     >     Michael Aldridge
>     >     Network Administrator
>     >     Collegium V Honors College
>     >     The University of Texas at Dallas
>     >     ________________________________________________
>     >     Kerberos mailing list           Kerberos at mit.edu
>     >     https://mailman.mit.edu/mailman/listinfo/kerberos
>     >
>     >
>     >
>     >
>     > --
>     > Todd Grayson
>     > Business Operations Manager
>     > Customer Operations Engineering
>     > Security SME
>     >
> 
> 
> 
> 
> -- 
> Todd Grayson
> Business Operations Manager
> Customer Operations Engineering
> Security SME
> 
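
The `.schema` to `.ldif` reformatting discussed in the thread, as an added example that is not part of the original messages: under OpenLDAP's `cn=config` backend each `attributetype` / `objectclass` definition becomes an `olcAttributeTypes` / `olcObjectClasses` value of a schema entry. The function name and the sample text are constructed for illustration, and only those two definition kinds are handled.

```python
import re

# .schema keyword -> cn=config attribute that carries the same definition.
KEYWORDS = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}

# Constructed sample: the two definitions quoted in the thread, re-indented.
SAMPLE_SCHEMA = """\
# kerberos.schema (excerpt)
attributetype ( 2.16.840.1.113719.1.301.4.1.1
    NAME 'krbPrincipalName'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

objectclass ( 2.16.840.1.113719.1.301.6.16.1
    NAME 'krbTicketPolicyAux'
    SUP top
    AUXILIARY
    MAY ( krbTicketFlags $ krbMaxTicketLife $
          krbMaxRenewableAge ) )
"""

def schema_to_ldif(text, name="kerberos"):
    """Return a cn=config schema entry (LDIF text) for .schema definitions."""
    defs = []  # [ldif_attribute, definition_body] pairs, in file order
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        head = re.match(r"(\w+)\s+(\(.*)", line)
        if head and head.group(1).lower() in KEYWORDS:
            defs.append([KEYWORDS[head.group(1).lower()], head.group(2)])
        elif defs and line[0].isspace():
            defs[-1][1] += " " + line  # continuation of the previous definition
        else:
            raise ValueError(f"unrecognised schema line: {line!r}")
    out = [f"dn: cn={name},cn=schema,cn=config",
           "objectClass: olcSchemaConfig", f"cn: {name}"]
    for attr, body in defs:
        body = " ".join(body.split())  # collapse the wrapped lines to one
        unquoted = re.sub(r"'[^']*'", "", body)  # ignore parens inside strings
        if unquoted.count("(") != unquoted.count(")"):
            raise ValueError(f"unbalanced parentheses in: {body[:40]}...")
        out.append(f"{attr}: {body}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(schema_to_ldif(SAMPLE_SCHEMA), end="")
```

A continuation line that has lost its leading whitespace, as happens when a schema is re-wrapped by a mail client, is rejected with `ValueError` rather than silently merged.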


