[krbdev.mit.edu #7788] Kerberos LDAP issues (1.11)

Richard Basch via RT rt-comment at krbdev.mit.edu
Tue Dec 3 22:32:07 EST 2013


The schema on the web site is lacking various required attributes to support
Kerberos with an LDAP backend.

http://k5wiki.kerberos.org/wiki/Kerberos.schema

When I tried creating a password policy, I encountered errors because of
missing attribute definitions and discovered the following were lacking in
the schema:

krbPwdAttributes
krbPwdMaxLife
krbPwdMaxRenewableLife
krbPwdAllowedKeySalts

I also am encountering issues loading a dump file (i.e. doing a conversion).
Even after resolving the above missing attribute definitions, I find about
1% of the principals fail to be loaded (when using kdb5_util load -update .)

<dumpfile>(line #): cannot store principal at REALM(Database store error)
<dumpfile>(line #): cannot read dump entry header

I plan to enable additional debugging to determine the cause of the above,
but I know the dump file is fine because the same dump file can be loaded
into a db2 backend without issue.



