ldap database error when creating initial stash
Todd Grayson
tgrayson at cloudera.com
Thu Jun 30 12:01:22 EDT 2016
sorry "kerberos.ldif" not "schema.ldif"
On Thu, Jun 30, 2016 at 10:00 AM, Todd Grayson <tgrayson at cloudera.com>
wrote:
> Is the file supposed to be schema.ldif once it's converted that way?
>
> On Thu, Jun 30, 2016 at 9:58 AM, Todd Grayson <tgrayson at cloudera.com>
> wrote:
>
>> The discussion in the mail list I sent, the error emerged as it was
>> parsing broken schema information in the file...
>>
>> On Thu, Jun 30, 2016 at 9:55 AM, Michael Aldridge <
>> michael.aldridge at utdallas.edu> wrote:
>>
>>> Todd,
>>>
>>> You are correct that that is in ldif format. The ldap server gets built
>>> up by using the bare minimum to get it online and then all the other
>>> schemata and associated files are loaded in with the server online.
>>>
>>> The distro is Void Linux, with kerberos version 1.14.2.
>>>
>>> I must admit I'm struggling to see what you are seeing. The error text
>>> to me sounds like it can't even find the ldap backend, much less try to
>>> actually talk to it. Can you explain why you think this might be a
>>> schema error?
>>>
>>> --Michael
>>>
>>> On 06/30/2016 09:06 AM, Todd Grayson wrote:
>>> > Michael, I apologize but I'm not familiar with that kind of formatting
>>> > for the kerberos.schema file... the one I'm looking at looks like this
>>> > (segment).
>>> >
>>> > What linux distro/versions are you working over?
>>> >
>>> > That almost looks like the kind of format you would see converting the
>>> > .schema to .ldif or something?
>>> >
>>> > Not being able to parse the schema file is what I was pointing out for
>>> > that error...
>>> >
>>> > --- snip of kerberos.schema as provided in ubuntu ---
>>> >
>>> > attributetype ( 2.16.840.1.113719.1.301.4.1.1
>>> >     NAME 'krbPrincipalName'
>>> >     EQUALITY caseExactIA5Match
>>> >     SUBSTR caseExactSubstringsMatch
>>> >     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>>> >
>>> > ...
>>> > ...
>>> >
>>> > objectclass ( 2.16.840.1.113719.1.301.6.16.1
>>> >     NAME 'krbTicketPolicyAux'
>>> >     SUP top
>>> >     AUXILIARY
>>> >     MAY ( krbTicketFlags $ krbMaxTicketLife $
>>> >     krbMaxRenewableAge ) )
>>> >
>>> >
>>> > On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge
>>> > <michael.aldridge at utdallas.edu> wrote:
>>> >
>>> > While I have not done an in-depth comparison, my schema would appear to
>>> > just be a re-formatted version of the schema provided in the source
>>> > tree. I believe I originally obtained it from an ubuntu release
>>> > slightly more than a year ago. What is striking here is that this all
>>> > worked less than a month ago on my test platform.
>>> >
>>> > For the curious, here is the schema I'm using:
>>> >
>>> > https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif
>>> >
>>> > --Michael
>>> >
>>> > On 06/30/2016 01:25 AM, Todd Grayson wrote:
>>> > > Got schema issues? Perhaps?
>>> > >
>>> > >
>>> > > http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201
>>> > >
>>> > > Magic google phrase:
>>> > >
>>> > > openldap kerberos schema "Unable to find requested database type"
>>> > >
>>> > > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge
>>> > > <michael.aldridge at utdallas.edu> wrote:
>>> > >
>>> > > Greetings,
>>> > >
>>> > > I hope I am emailing the correct list and if I am not then please accept
>>> > > my apology. I am in the process of standing up a pair of KDCs and I am
>>> > > encountering this error when attempting to create the initial password
>>> > > stash for accessing the ldap server that backs the kerberos database:
>>> > >
>>> > > kdb5_ldap_util: Unable to find requested database type while setting up lib handle
>>> > >
>>> > > The command I ran to get that error message is:
>>> > >
>>> > > sudo kdb5_ldap_util -D "cn=krbAdmService,dc=collegiumv,dc=org" stashsrvpw -f /var/krb5kdc/ldap.keyfile "cn=krbAdmService,dc=collegiumv,dc=org"
>>> > >
>>> > > I have used my best google-fu but still come up empty. I can see
>>> > > several people who seem to have had the same issue, but I cannot find a
>>> > > solution. I appreciate any insight to this error.
>>> > >
>>> > > --Michael
>>> > >
>>> > > --
>>> > > Michael Aldridge
>>> > > Network Administrator
>>> > > Collegium V Honors College
>>> > > The University of Texas at Dallas
>>> > > ________________________________________________
>>> > > Kerberos mailing list Kerberos at mit.edu
>>> > > https://mailman.mit.edu/mailman/listinfo/kerberos
>>> > >
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Todd Grayson
>>> > > Business Operations Manager
>>> > > Customer Operations Engineering
>>> > > Security SME
>>> > >
--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
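
The two schema formats compared in this thread, as an added example that is not part of the original messages or of any project mentioned in them: it converts slapd.conf-style `attributetype`/`objectclass` definitions into a cn=config LDIF entry and rejects definitions that are broken. The function names are hypothetical, the sample input is constructed from the snippet quoted above, and the entry uses the un-indexed `cn=kerberos` form on the assumption that slapd assigns the `{N}` prefix when the entry is added.

```python
# Added example: slapd.conf-style schema text -> cn=config LDIF entry.
KEYWORDS = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}

# Constructed input: the two definitions quoted in the thread, with the
# leading whitespace that slapd.conf continuation lines require.
SCHEMA_TEXT = """\
attributetype ( 2.16.840.1.113719.1.301.4.1.1
    NAME 'krbPrincipalName'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

objectclass ( 2.16.840.1.113719.1.301.6.16.1
    NAME 'krbTicketPolicyAux'
    SUP top
    AUXILIARY
    MAY ( krbTicketFlags $ krbMaxTicketLife $
    krbMaxRenewableAge ) )
"""

def schema_definitions(text):
    """Yield (keyword, definition) with continuation lines joined."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if not raw[0].isspace() and parts[0].lower() in KEYWORDS:
            if current:
                yield tuple(current)
            current = [parts[0].lower(), parts[1] if len(parts) > 1 else ""]
        elif current and raw[0].isspace():
            current[1] += " " + line  # indented line continues the definition
        else:
            raise ValueError(f"unexpected line: {line!r}")
    if current:
        yield tuple(current)

def to_config_ldif(name, text):
    """Build the cn=schema,cn=config entry for the given schema text."""
    out = [f"dn: cn={name},cn=schema,cn=config",
           "objectClass: olcSchemaConfig", f"cn: {name}"]
    for keyword, definition in schema_definitions(text):
        if definition.count("(") != definition.count(")"):
            raise ValueError(f"unbalanced parentheses in {keyword}")
        out.append(f"{KEYWORDS[keyword]}: {' '.join(definition.split())}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_config_ldif("kerberos", SCHEMA_TEXT), end="")
```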