[37758] in Kerberos


kdb5_ldap_util fails, no idea why

daemon@ATHENA.MIT.EDU (Dr. Lars Hanke)
Sat Nov 5 17:03:38 2016

From: "Dr. Lars Hanke" <debian@lhanke.de>
To: kerberos@mit.edu
Message-ID: <b1f7e7c1-3bd8-5103-2592-fc5d15d303b0@lhanke.de>
Date: Sat, 5 Nov 2016 22:03:07 +0100
MIME-Version: 1.0
Reply-To: debian@lhanke.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I'm currently setting up a new KDC for a new domain. I also have a shiny
new LDAP. I want Kerberos to use LDAP as backend. LDAP connectivity is
fine; there is no specific data in it yet.

Trying to create the Kerberos container, I get the following error:

kdb5_ldap_util -D cn=admin,dc=microsult,dc=de create -subtrees dc=microsult,dc=de -r UAC.MICROSULT.DE -s -H ldap:///
Password for "cn=admin,dc=microsult,dc=de":
Initializing database for realm 'UAC.MICROSULT.DE'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_ldap_util: Kerberos Container create FAILED: Object class violation while creating realm 'UAC.MICROSULT.DE'

I read somewhere that this may be due to the kerberos container not 
being a CN attribute. Actually I see in the debug trace of OpenLDAP that 
it denies dc=microsult,dc=de since it's not a CN.

Am I supposed to create a CN node under my TLD and use this? I don't 
quite understand how the final layout in LDAP is supposed to be and how 
to put that into arguments for kdb5_ldap_util.

Any closer explanation is appreciated. Thanks for your help,

  - lars.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
