[krbdev.mit.edu #9182] bug in kdb5_ldap_util
Travis Bean via RT
rt-comment at krbdev.mit.edu
Wed Aug 27 01:05:22 EDT 2025
Wed Aug 27 01:05:22 2025: Request 9182 was acted upon.
Transaction: Ticket created by tbean74 at gmail.com
Queue: krb5
Subject: bug in kdb5_ldap_util
Owner: Nobody
Requestors: tbean74 at gmail.com
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9182 >

After I install Kerberos with an OpenLDAP backend, I cannot start
krb5-admin-server and krb5-kdc due to a malformed stash file.

When attempting to start krb5-admin-server, it produces the following error:

“Cannot bind to LDAP server ldapi:/// as
‘cn=adm-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
- while initializing database.”

When attempting to start krb5-kdc, it produces the following error:

“Cannot bind to LDAP server ldapi:/// as
‘cn=kdc-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
- while initializing database.”

I used the following test.sh Bash script for testing:

https://drive.google.com/file/d/1PWNAxH6Y0Sk3vBWd85JheG6DOSjmCFbq/view?usp=sharing

The part of this test.sh Bash script that is generating the stash file
is as follows:

echo -ne "$ADMIN_PASSWORD\n$ADMIN_PASSWORD\n" | kdb5_ldap_util \
    -D uid=admin,ou=people,"$LDAP_BASE_DN" -w "$ADMIN_PASSWORD" stashsrvpw \
    -f /etc/krb5kdc/service.keyfile cn=kdc-srv,cn=krbContainer,"$LDAP_BASE_DN"

echo -ne "$ADMIN_PASSWORD\n$ADMIN_PASSWORD\n" | kdb5_ldap_util \
    -D uid=admin,ou=people,"$LDAP_BASE_DN" -w "$ADMIN_PASSWORD" stashsrvpw \
    -f /etc/krb5kdc/service.keyfile cn=adm-srv,cn=krbContainer,"$LDAP_BASE_DN"

By the way, I am using Ubuntu Server 24.04.

Kind regards,
Travis Bean