ldap database error when creating initial stash

Michael Aldridge michael.aldridge at utdallas.edu
Thu Jun 30 12:15:52 EDT 2016


Yes, once converted it should be *.ldif.

--Michael

On 06/30/2016 11:01 AM, Todd Grayson wrote:
> sorry "kerberos.ldif" not "schema.ldif"
> 
> On Thu, Jun 30, 2016 at 10:00 AM, Todd Grayson <tgrayson at cloudera.com> wrote:
> 
>     Is the file supposed to be schema.ldif once it's converted that way?
> 
>     On Thu, Jun 30, 2016 at 9:58 AM, Todd Grayson <tgrayson at cloudera.com> wrote:
> 
>         The discussion in the mail list I sent, the error emerged as it
>         was parsing broken schema information in the file...
> 
>         On Thu, Jun 30, 2016 at 9:55 AM, Michael Aldridge <michael.aldridge at utdallas.edu> wrote:
> 
>             Todd,
> 
>             You are correct that that is in ldif format.  The ldap server gets
>             built up by using the bare minimum to get it online and then all
>             the other schemata and associated files are loaded in with the
>             server online.
> 
>             The distro is Void Linux, with kerberos version 1.14.2.
> 
>             I must admit I'm struggling to see what you are seeing.  The error
>             text to me sounds like it can't even find the ldap backend, much
>             less try to actually talk to it.  Can you explain why you think
>             this might be a schema error?
> 
>             --Michael
> 
>             On 06/30/2016 09:06 AM, Todd Grayson wrote:
>             > Michael, I apologize but I'm not familiar with that kind of formatting
>             > for the kerberos.schema file... the one I'm looking at looks like this
>             > (segment).
>             >
>             > What linux distro/versions are you working over?
>             >
>             > That almost looks like the kind of format you would see converting the
>             > .schema to .ldif or something?
>             >
>             > Not being able to parse the schema file is what I was pointing out for
>             > that error...
>             >
>             > --- snip of kerberos.schema as provided in ubuntu ---
>             >
>             > attributetype ( 2.16.840.1.113719.1.301.4.1.1
>             >                 NAME 'krbPrincipalName'
>             >                 EQUALITY caseExactIA5Match
>             >                 SUBSTR caseExactSubstringsMatch
>             >                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
>             >
>             > ...
>             > ...
>             >
>             > objectclass ( 2.16.840.1.113719.1.301.6.16.1
>             >                 NAME 'krbTicketPolicyAux'
>             >                 SUP top
>             >                 AUXILIARY
>             >                 MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
>             >
>             >
>             > On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge
>             > <michael.aldridge at utdallas.edu> wrote:
>             >
>             >     While I have not done an in depth comparison, my schema would appear to
>             >     just be a re-formatted version of the schema provided in the source
>             >     tree.  I believe I originally obtained it from an ubuntu release
>             >     slightly more than a year ago.  What is striking here is that this all
>             >     worked less than a month ago on my test platform.
>             >
>             >     For the curious, here is the schema I'm using:
>             >     https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif
>             >
>             >     --Michael
>             >
>             >     On 06/30/2016 01:25 AM, Todd Grayson wrote:
>             >     > Got schema issues?  Perhaps?
>             >     >
>             >     > http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201
>             >     >
>             >     > Magic google phrase:
>             >     >
>             >     > openldap kerberos schema "Unable to find requested database type"
>             >     >
>             >     > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge
>             >     > <michael.aldridge at utdallas.edu> wrote:
>             >     >
>             >     >     Greetings,
>             >     >
>             >     >     I hope I am emailing the correct list and if I am not then please accept
>             >     >     my apology.  I am in the process of standing up a pair of KDCs and I am
>             >     >     encountering this error when attempting to create the initial password
>             >     >     stash for accessing the ldap server that backs the kerberos database:
>             >     >
>             >     >     kdb5_ldap_util: Unable to find requested database type while setting up lib handle
>             >     >
>             >     >     The command I ran to get that error message is:
>             >     >
>             >     >     sudo kdb5_ldap_util -D "cn=krbAdmService,dc=collegiumv,dc=org" stashsrvpw -f /var/krb5kdc/ldap.keyfile "cn=krbAdmService,dc=collegiumv,dc=org"
>             >     >
>             >     >     I have used my best google-fu but still come up empty.  I can see
>             >     >     several people who seem to have had the same issue, but I cannot find a
>             >     >     solution.  I appreciate any insight to this error.
>             >     >
>             >     >     --Michael
>             >     >
>             >     >     --
>             >     >     Michael Aldridge
>             >     >     Network Administrator
>             >     >     Collegium V Honors College
>             >     >     The University of Texas at Dallas
>             >     >     ________________________________________________
>             >     >     Kerberos mailing list           Kerberos at mit.edu
>             >     >     https://mailman.mit.edu/mailman/listinfo/kerberos
>             >     >
>             >     >
>             >     >
>             >     >
>             >     > --
>             >     > Todd Grayson
>             >     > Business Operations Manager
>             >     > Customer Operations Engineering
>             >     > Security SME
> 
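
The thread above contrasts the slapd.conf-style `kerberos.schema` syntax with the converted `*.ldif` form. As an added example (not code from any poster or from the Kerberos or OpenLDAP projects), the sketch below converts the two definitions quoted in the thread into a cn=config schema entry; the function names, the schema name `kerberos`, and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two definitions quoted in the thread (.schema syntax).
SAMPLE_SCHEMA = """\
# comment lines are ignored
attributetype ( 2.16.840.1.113719.1.301.4.1.1
                NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

objectclass ( 2.16.840.1.113719.1.301.6.16.1
                NAME 'krbTicketPolicyAux'
                SUP top
                AUXILIARY
                MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
"""

# .schema keyword -> cn=config attribute name
KEYWORDS = {"attributetype": "olcAttributeTypes",
            "objectclass": "olcObjectClasses"}

def parse_schema(text):
    """Return [(olc_attr, definition)] with continuation lines folded in."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                  # continuation of previous definition
            if not entries:
                raise ValueError("continuation line before any definition")
            entries[-1][1] += " " + line.strip()
            continue
        keyword, rest = (line.split(None, 1) + [""])[:2]
        attr = KEYWORDS.get(keyword.lower())
        if attr is None:                      # fail loudly instead of emitting bad LDIF
            raise ValueError(f"unknown schema keyword: {keyword!r}")
        entries.append([attr, rest.strip()])
    return [(a, re.sub(r"\s+", " ", d)) for a, d in entries]

def to_ldif(text, name="kerberos"):
    """Render the parsed definitions as one cn=config schema entry."""
    lines = [f"dn: cn={name},cn=schema,cn=config",
             "objectClass: olcSchemaConfig",
             f"cn: {name}"]
    lines += [f"{attr}: {definition}" for attr, definition in parse_schema(text)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_ldif(SAMPLE_SCHEMA))
```
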

