ldap database error when creating initial stash
Todd Grayson
tgrayson at cloudera.com
Thu Jun 30 12:00:13 EDT 2016
Is the file supposed to be schema.ldif once it's converted that way?
On Thu, Jun 30, 2016 at 9:58 AM, Todd Grayson <tgrayson at cloudera.com> wrote:
> The discussion in the mail list I sent, the error emerged as it was
> parsing broken schema information in the file...
>
> On Thu, Jun 30, 2016 at 9:55 AM, Michael Aldridge <
> michael.aldridge at utdallas.edu> wrote:
>
>> Todd,
>>
>> You are correct that that is in ldif format. The ldap server gets built
>> up by using the bare minimum to get it online and then all the other
>> schemata and associated files are loaded in with the server online.
>>
>> The distro is Void Linux, with kerberos version 1.14.2.
>>
>> I must admit I'm struggling to see what you are seeing. The error text
>> to me sounds like it can't even find the ldap backend, much less try to
>> actually talk to it. Can you explain why you think this might be a
>> schema error?
>>
>> --Michael
>>
>> On 06/30/2016 09:06 AM, Todd Grayson wrote:
>> > Michael, I apologize but I'm not familiar with that kind of formatting
>> > for the kerberos.schema file... the one I'm looking at looks like this
>> > (segment).
>> >
>> > What linux distro/versions are you working over?
>> >
>> > That almost looks like the kind of format you would see converting the
>> > .schema to .ldif or something?
>> >
>> > Not being able to parse the schema file is what I was pointing out for
>> > that error...
>> >
>> > --- snip of kerberos.schema as provided in ubuntu ---
>> >
>> > attributetype ( 2.16.840.1.113719.1.301.4.1.1
>> > NAME 'krbPrincipalName'
>> > EQUALITY caseExactIA5Match
>> > SUBSTR caseExactSubstringsMatch
>> > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>> >
>> > ...
>> > ...
>> >
>> > objectclass ( 2.16.840.1.113719.1.301.6.16.1
>> > NAME 'krbTicketPolicyAux'
>> > SUP top
>> > AUXILIARY
>> > MAY ( krbTicketFlags $ krbMaxTicketLife $
>> > krbMaxRenewableAge ) )
>> >
>> >
>> > On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge
>> > <michael.aldridge at utdallas.edu> wrote:
>> >
>> > While I have not done an in depth comparison, my schema would appear to
>> > just be a re-formatted version of the schema provided in the source
>> > tree. I believe I originally obtained it from an ubuntu release
>> > slightly more than a year ago. What is striking here is that this all
>> > worked less than a month ago on my test platform.
>> >
>> > For the curious, here is the schema I'm using:
>> >
>> > https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif
>> >
>> > --Michael
>> >
>> > On 06/30/2016 01:25 AM, Todd Grayson wrote:
>> > > Got schema issues? Perhaps?
>> > >
>> > >
>> > > http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201
>> > >
>> > > Magic google phrase:
>> > >
>> > > openldap kerberos schema "Unable to find requested database type"
>> > >
>> > > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge
>> > > <michael.aldridge at utdallas.edu> wrote:
>> > >
>> > > Greetings,
>> > >
>> > > I hope I am emailing the correct list and if I am not then please accept
>> > > my apology. I am in the process of standing up a pair of KDCs and I am
>> > > encountering this error when attempting to create the initial password
>> > > stash for accessing the ldap server that backs the kerberos database:
>> > >
>> > > kdb5_ldap_util: Unable to find requested database type while setting up
>> > > lib handle
>> > >
>> > > The command I ran to get that error message is:
>> > >
>> > > sudo kdb5_ldap_util -D "cn=krbAdmService,dc=collegiumv,dc=org"
>> > > stashsrvpw -f /var/krb5kdc/ldap.keyfile
>> > > "cn=krbAdmService,dc=collegiumv,dc=org"
>> > >
>> > > I have used my best google-fu but still come up empty. I can see
>> > > several people who seem to have had the same issue, but I cannot find a
>> > > solution. I appreciate any insight to this error.
>> > >
>> > > --Michael
>> > >
>> > > --
>> > > Michael Aldridge
>> > > Network Administrator
>> > > Collegium V Honors College
>> > > The University of Texas at Dallas
>> > > ________________________________________________
>> > > Kerberos mailing list Kerberos at mit.edu
>> > > https://mailman.mit.edu/mailman/listinfo/kerberos
>> > >
>> > > --
>> > > Todd Grayson
>> > > Business Operations Manager
>> > > Customer Operations Engineering
>> > > Security SME
>> > >
--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
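
Added example, not part of the original messages or of any project's code: the thread contrasts the `.schema` syntax Todd quotes with the `.ldif` form Michael loads into a running server, and this sketch converts the quoted definitions into a single `cn=schema,cn=config` entry, rejecting any definition whose parentheses do not balance. The function names, the sample text and the entry name `kerberos` are assumptions made for illustration.

```python
import re

# Constructed sample: the two definitions quoted in the thread (.schema syntax).
SAMPLE_SCHEMA = """\
attributetype ( 2.16.840.1.113719.1.301.4.1.1
    NAME 'krbPrincipalName'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

objectclass ( 2.16.840.1.113719.1.301.6.16.1
    NAME 'krbTicketPolicyAux'
    SUP top
    AUXILIARY
    MAY ( krbTicketFlags $ krbMaxTicketLife $
    krbMaxRenewableAge ) )
"""

OLC_ATTR = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}
START = re.compile(r"(?im)^(attributetype|objectclass)\s*\(")

def parse_definitions(text):
    """Return [(olc_attribute, '( ... )'), ...] in file order."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop comment lines
    defs = []
    for m in START.finditer(text):
        start, depth, quoted, end = m.end() - 1, 0, False, None
        for pos in range(start, len(text)):
            ch = text[pos]
            if ch == "'":
                quoted = not quoted  # parentheses inside '...' strings do not count
            elif not quoted and ch == "(":
                depth += 1
            elif not quoted and ch == ")":
                depth -= 1
                if depth == 0:
                    end = pos
                    break
        if end is None:
            raise ValueError("unbalanced definition starting at offset %d" % m.start())
        # Join continuation lines; this also collapses runs of whitespace.
        defs.append((OLC_ATTR[m.group(1).lower()], " ".join(text[start:end + 1].split())))
    return defs

def to_config_ldif(text, name="kerberos"):
    """Render the definitions as one cn=schema,cn=config entry for ldapadd."""
    lines = ["dn: cn=%s,cn=schema,cn=config" % name,
             "objectClass: olcSchemaConfig", "cn: %s" % name]
    count = {}
    for attr, body in parse_definitions(text):
        lines.append("%s: {%d}%s" % (attr, count.get(attr, 0), body))
        count[attr] = count.get(attr, 0) + 1
    return "\n".join(lines) + "\n"
```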