kdb5_ldap_util fails, no idea why

t Seeger tseegerkrb at gmail.com
Sun Nov 6 05:25:18 EST 2016


Hello,

I made an installer script to set up a Kerberos server with an LDAP backend. It is for Ubuntu or Debian only. The script is not perfect and is for testing, but it should guide you in the right direction. You can find it at: https://wp.tntnet.eu/?p=112

Thorsten

Sent from my iPhone

> On 05.11.2016 at 22:03, Dr. Lars Hanke <debian at lhanke.de> wrote:
> 
> I'm currently setting up a new KDC for a new domain. I also have a shiny 
> new LDAP. I want Kerberos to use LDAP as backend. LDAP connectivity is 
> fine, there is no specific data in it yet.
> 
> Trying to create the Kerberos container, I get the following error:
> 
> kdb5_ldap_util -D cn=admin,dc=microsult,dc=de create -subtrees 
> dc=microsult,dc=de -r UAC.MICROSULT.DE -s -H ldap:///
> Password for "cn=admin,dc=microsult,dc=de":
> Initializing database for realm 'UAC.MICROSULT.DE'
> You will be prompted for the database Master Password.
> It is important that you NOT FORGET this password.
> Enter KDC database master key:
> Re-enter KDC database master key to verify:
> kdb5_ldap_util: Kerberos Container create FAILED: Object class violation 
> while creating realm 'UAC.MICROSULT.DE'
> 
> I read somewhere that this may be due to the kerberos container not 
> being a CN attribute. Actually I see in the debug trace of OpenLDAP that 
> it denies dc=microsult,dc=de since it's not a CN.
> 
> Am I supposed to create a CN node under my TLD and use this? I don't 
> quite understand how the final layout in LDAP is supposed to be and how 
> to put that into arguments for kdb5_ldap_util.
> 
> Any closer explanation is appreciated. Thanks for your help,
> 
>  - lars.
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

