kdb5_ldap_util fails, no idea why
Dr. Lars Hanke
debian at lhanke.de
Sat Nov 5 17:03:07 EDT 2016
I'm currently setting up a new KDC for a new domain. I also have a shiny
new LDAP. I want Kerberos to use LDAP as backend. LDAP connectivity is
fine, there is no specific data in it yet.
Trying to create the Kerberos container, I get the following error:
kdb5_ldap_util -D cn=admin,dc=microsult,dc=de create -subtrees
dc=microsult,dc=de -r UAC.MICROSULT.DE -s -H ldap:///
Password for "cn=admin,dc=microsult,dc=de":
Initializing database for realm 'UAC.MICROSULT.DE'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_ldap_util: Kerberos Container create FAILED: Object class violation
while creating realm 'UAC.MICROSULT.DE'
I read somewhere that this may be due to the Kerberos container not
being a CN attribute. Actually, I see in the debug trace of OpenLDAP that
it denies dc=microsult,dc=de since it's not a CN.
Am I supposed to create a CN node under my TLD and use this? I don't
quite understand how the final layout in LDAP is supposed to be and how
to put that into arguments for kdb5_ldap_util.
Any closer explanation is appreciated. Thanks for your help,
- lars.
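As an added example (not part of Lars's post and not code from MIT Kerberos or OpenLDAP), the script below performs the two pre-flight checks a practitioner would want before running kdb5_ldap_util against a fresh directory: it reads the object classes the server advertises in its subschema entry (the output of `ldapsearch -x -H ldap:/// -b cn=subschema -s base objectClasses`) and confirms the Kerberos schema classes are loaded, and it checks that a candidate container DN is named by a cn= RDN, since the post's OpenLDAP trace refuses a dc= entry for that role. The ldapsearch output embedded in the script is constructed (OIDs and definitions are abbreviated stand-ins), and the DN strings are taken from the command in the post.

```python
"""Pre-flight checks for an MIT Kerberos LDAP backend (added example).

Two conditions that surface as "Object class violation" when the Kerberos
container is created: the kerberos schema is not loaded in OpenLDAP, or the
entry chosen as the container is not named by a cn= RDN (assumption based on
the post's OpenLDAP trace; krbContainer entries carry a cn attribute).
"""
import re

# Object classes the MIT LDAP backend needs; the names come from the
# kerberos schema shipped with MIT Kerberos.
REQUIRED_CLASSES = ("krbContainer", "krbRealmContainer", "krbPrincipal")

# Constructed ldapsearch output: a server where the kerberos schema is loaded.
# Lines are wrapped the way ldapsearch wraps them (continuation starts with a
# space).  OIDs/definitions are abbreviated stand-ins, not the real schema.
SCHEMA_WITH_KERBEROS = """dn: cn=Subschema
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
objectClasses: ( 1.3.6.1.4.1.99999.1 NAME 'krbContainer' SUP top STRUCTURAL MU
 ST ( cn ) )
objectClasses: ( 1.3.6.1.4.1.99999.2 NAME 'krbRealmContainer' SUP top STRUCTUR
 AL MUST ( cn ) )
objectClasses: ( 1.3.6.1.4.1.99999.3 NAME 'krbPrincipal' SUP top AUXILIARY MUS
 T ( krbPrincipalName ) )
"""

# Constructed ldapsearch output: a stock server with no kerberos schema.
SCHEMA_WITHOUT_KERBEROS = """dn: cn=Subschema
objectClasses: ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
objectClasses: ( 2.5.6.7 NAME ( 'organizationalPerson' 'orgPerson' ) SUP person )
"""


def parse_object_classes(ldif_text):
    """Return the set of object class NAMEs found in an objectClasses dump.

    ldapsearch folds long values onto continuation lines that begin with a
    single space, so those are re-joined before the NAME clause is parsed.
    NAME may be a single quoted name or a parenthesised list of aliases.
    """
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    names = set()
    for line in unfolded:
        if not line.startswith("objectClasses:"):
            continue
        match = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if match is None:
            continue
        if match.group(1):
            names.add(match.group(1))
        else:
            names.update(re.findall(r"'([^']+)'", match.group(2)))
    return names


def missing_kerberos_classes(ldif_text):
    """List required Kerberos object classes the server does not advertise."""
    present = parse_object_classes(ldif_text)
    return [cls for cls in REQUIRED_CLASSES if cls not in present]


def container_rdn_problem(dn):
    """Return a message if the DN's leading RDN is not cn=, else None."""
    rdn = dn.split(",", 1)[0].strip()
    attr = rdn.split("=", 1)[0].strip().lower()
    if attr != "cn":
        return (f"leading RDN of {dn!r} is {attr}=; the Kerberos container "
                "entry is named by cn= (e.g. cn=krbContainer,...)")
    return None


def preflight(ldif_text, container_dn):
    """Combine both checks; an empty list means nothing obvious is wrong."""
    issues = [f"schema is missing object class {cls}"
              for cls in missing_kerberos_classes(ldif_text)]
    rdn_issue = container_rdn_problem(container_dn)
    if rdn_issue:
        issues.append(rdn_issue)
    return issues


if __name__ == "__main__":
    for label, schema in (("with", SCHEMA_WITH_KERBEROS),
                          ("without", SCHEMA_WITHOUT_KERBEROS)):
        for dn in ("dc=microsult,dc=de", "cn=krbContainer,dc=microsult,dc=de"):
            print(f"[{label} kerberos schema] {dn}: {preflight(schema, dn) or 'ok'}")
```

In practice you would pipe the real `ldapsearch ... objectClasses` output into `parse_object_classes` and pass the DN you intend to use as `ldap_kerberos_container_dn` in the dbmodules section; the script only reasons about text, so it can be run anywhere before touching the directory.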