KDC with LDAP backend can't add principal
Micro dong
microle.dong at gmail.com
Wed Sep 20 05:59:03 EDT 2017
Hi,
I am trying to install a KDC with an OpenLDAP backend, following
instructions found on the MIT Kerberos site. Installation went fine and I
can see that the default principals have been created.
However, I cannot add new principals:
kadmin.local -q "addprinc -randkey test001"
Authenticating as principal root/admin@HADOOP.COM with password.
WARNING: no policy specified for test001@HADOOP.COM; defaulting to no policy
add_principal: Principal add failed: Insufficient access while creating "test001@HADOOP.COM".
And my ACL in OpenLDAP is:
access to dn.base=""
    by * read
access to dn.base="cn=Subschema"
    by * read
access to attrs=userPassword,userPKCS12
    by self write
    by * auth
access to attrs=shadowLastChange
    by self write
    by * read
# Providing access to realm container
access to dn.subtree="cn=HADOOP.COM,cn=kerberos,dc=xitong,dc=qh,dc=com"
    by dn.exact="uid=krb5kdc,cn=krbcontainer,dc=xitong,dc=qh,dc=com" write
    by dn.exact="uid=kadmind,cn=krbcontainer,dc=xitong,dc=qh,dc=com" write
    by * none
access to *
    by * read
Any help would be highly appreciated.
*Best regards*