KDC with LDAP backend can't add principal

Micro dong microle.dong at gmail.com
Wed Sep 20 05:59:03 EDT 2017


I am trying to install a KDC with an OpenLDAP backend, following
instructions found on the MIT kerberos site. Installation went fine and I
can see that the default principals have been created.

However, I cannot add new principals :
   kadmin.local -q "addprinc -randkey test001"
Authenticating as principal root/admin at HADOOP.COM with password.
WARNING: no policy specified for test001 at HADOOP.COM; defaulting to no policy
add_principal: Principal add failed: Insufficient access while
creating "test001 at HADOOP.COM".

   And my acl in openldap is:

access to dn.base=""
    by * read

access to dn.base="cn=Subschema"
    by * read

access to attrs=userPassword,userPKCS12
    by self write
    by * auth

access to attrs=shadowLastChange
    by self write
    by * read

# Providing access to realm container
access to dn.subtree="cn=HADOOP.COM,cn=kerberos,dc=xitong,dc=qh,dc=com"
    by dn.exact="uid=krb5kdc,cn=krbcontainer,dc=xitong,dc=qh,dc=com" write
    by dn.exact="uid=kadmind,cn=krbcontainer,dc=xitong,dc=qh,dc=com" write
    by * none

access to *
    by * read

Any help would be highly appreciated.

*Best regards*

More information about the krbdev mailing list