[37550] in Kerberos


Re: ldap database error when creating initial stash

daemon@ATHENA.MIT.EDU (Todd Grayson)
Thu Jun 30 10:06:49 2016

In-Reply-To: <85e441e4-fe87-3ef8-bd9b-f99549b3c077@utdallas.edu>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Thu, 30 Jun 2016 08:06:14 -0600
Message-ID: <CALNT6MURnpzYSu+dqJPY6S55_8=S+f1pPLmdKARNdgU_+VX6JA@mail.gmail.com>
To: Michael Aldridge <michael.aldridge@utdallas.edu>
Cc: "kerberos@MIT.EDU" <kerberos@mit.edu>

Michael, I apologize but I'm not familiar with that kind of formatting for
the kerberos.schema file... the one I'm looking at looks like this
(segment).

What Linux distro/versions are you working over?

That almost looks like the kind of format you would see converting the
.schema to .ldif or something?

Not being able to parse the schema file is what I was pointing out for that
error...

--- snip of kerberos.schema as provided in Ubuntu ---

attributetype ( 2.16.840.1.113719.1.301.4.1.1
                NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)

...
...

objectclass ( 2.16.840.1.113719.1.301.6.16.1
                NAME 'krbTicketPolicyAux'
                SUP top
                AUXILIARY
                MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )


On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge <michael.aldridge@utdallas.edu> wrote:

> While I have not done an in-depth comparison, my schema would appear to
> just be a re-formatted version of the schema provided in the source
> tree.  I believe I originally obtained it from an Ubuntu release
> slightly more than a year ago.  What is striking here is that this all
> worked less than a month ago on my test platform.
>
> For the curious, here is the schema I'm using:
>
> https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif
>
> --Michael
>
> On 06/30/2016 01:25 AM, Todd Grayson wrote:
> > Got schema issues?  Perhaps?
> >
> > http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201
> >
> > Magic google phrase:
> >
> > openldap kerberos schema "Unable to find requested database type"
> >
> > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge
> > <michael.aldridge@utdallas.edu> wrote:
> >
> >     Greetings,
> >
> >     I hope I am emailing the correct list and if I am not then please accept
> >     my apology.  I am in the process of standing up a pair of KDCs and I am
> >     encountering this error when attempting to create the initial password
> >     stash for accessing the ldap server that backs the kerberos database:
> >
> >     kdb5_ldap_util: Unable to find requested database type while setting up lib handle
> >
> >     The command I ran to get that error message is:
> >
> >     sudo kdb5_ldap_util -D "cn=krbAdmService,dc=collegiumv,dc=org"
> >     stashsrvpw -f /var/krb5kdc/ldap.keyfile
> >     "cn=krbAdmService,dc=collegiumv,dc=org"
> >
> >     I have used my best google-fu but still come up empty.  I can see
> >     several people who seem to have had the same issue, but I cannot find a
> >     solution.  I appreciate any insight to this error.
> >
> >     --Michael
> >
> >     --
> >     Michael Aldridge
> >     Network Administrator
> >     Collegium V Honors College
> >     The University of Texas at Dallas
> >     ________________________________________________
> >     Kerberos mailing list           Kerberos@mit.edu
> >     https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
> >
> >
> > --
> > Todd Grayson
> > Business Operations Manager
> > Customer Operations Engineering
> > Security SME
> >



-- 
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
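
Added example (not part of the original messages, and not code from MIT Kerberos or OpenLDAP): the two layouts discussed in this thread are OpenLDAP's slapd.conf-style .schema syntax and its cn=config LDIF form. The Python sketch below tells them apart and checks that both carry the same definitions; the sample texts, the function names and the assumption that LDIF values are not base64-encoded are illustrative.

```python
import re

# Constructed sample in slapd.conf-style .schema syntax (definitions from the snippet above).
SCHEMA_TEXT = """\
attributetype ( 2.16.840.1.113719.1.301.4.1.1
                NAME 'krbPrincipalName'
                EQUALITY caseExactIA5Match
                SUBSTR caseExactSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
objectclass ( 2.16.840.1.113719.1.301.6.16.1
                NAME 'krbTicketPolicyAux'
                SUP top
                AUXILIARY
                MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
"""

# Constructed sample: the same two definitions as a cn=config LDIF entry,
# including folded lines (continuation lines start with one space, RFC 2849).
LDIF_TEXT = """\
dn: cn={4}kerberos
objectClass: olcSchemaConfig
cn: {4}kerberos
olcAttributeTypes: {0}( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalNa
 me' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: {0}( 2.16.840.1.113719.1.301.6.16.1 NAME 'krbTicketPolic
 yAux' SUP top AUXILIARY MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRe
 newableAge ) )
"""

DEF_RE = re.compile(
    r"^(?:olc)?(attributetype|objectclass)(?:s|es)?:?\s*(?:\{\d+\})?\s*"
    r"\(\s*([\d.]+)\s+NAME\s+\(?\s*'([^']+)'", re.I | re.M)

def detect_format(text):
    """Return 'ldif', 'schema' or 'unknown' for a schema file's contents."""
    if re.search(r"^(dn|olcAttributeTypes|olcObjectClasses)::?\s", text, re.I | re.M):
        return "ldif"
    if re.search(r"^(attributetype|objectclass)\s", text, re.I | re.M):
        return "schema"
    return "unknown"

def definitions(text):
    """Map OID -> (kind, NAME) for every definition, in either format."""
    if detect_format(text) == "ldif":
        flat = text.replace("\n ", "")               # undo LDIF line folding
    else:
        flat = re.sub(r"\n[ \t]+", " ", text)        # join indented continuation lines
    return {oid: (kind.lower(), name) for kind, oid, name in DEF_RE.findall(flat)}
```

Comparing definitions() of a distribution's kerberos.schema with that of a converted .ldif shows whether the conversion dropped or altered any attribute type or object class.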