[38481] in Kerberos


Re: Setting up the KDC ldap backend

daemon@ATHENA.MIT.EDU (Todd Grayson)
Wed Feb 6 11:49:59 2019

From: Todd Grayson <tgrayson@cloudera.com>
Date: Wed, 6 Feb 2019 09:49:36 -0700
To: John Byrne <jhnbyrn@gmail.com>
Cc: "kerberos@MIT.EDU" <kerberos@mit.edu>

I'm not sure what's going on with the error message you are seeing.

As far as how-to info: The Hortonworks community has a walkthrough of MIT
KDC with LDAP backend on CentOS7, here:


On Tue, Feb 5, 2019 at 1:33 PM John Byrne <jhnbyrn@gmail.com> wrote:

> Hi,
>
> I'm trying to set up the KDC with the LDAP plugin. I've been using:
> https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_ldap.html
> and
> https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/ldapbackend.html#ldap-be-ubuntu
> as references (I'm not using Ubuntu, I'm using CentOS 7 but most of the
> info on the Ubuntu page above seems to be fairly generic).
>
> When I run the command to create the database, it challenges me for a
> password. I didn't set one up, and if I just hit enter, I get this:
>
> $ sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
> Password for "cn=admin,dc=example,dc=com":
> kdb5_ldap_util: Cannot allocate memory while retrieving ldap configuration
>
> Now, I don't really know much about LDAP, so I could be missing something.
> Do I have to create "cn=admin,dc=example,dc=com" as a user somehow before I
> run this?
>
> I've tried reading up on LDAP, but I haven't found anything that explains
> what I need to do here. I'm looking for a shortcut to the quickest possible
> setup - I don't really need LDAP except that I'm trying to test constrained
> delegation in a web application, and apparently that only works with the
> LDAP backend.
>
> Can anyone explain what's the bare minimum I need to do to get this
> working?
>
> Thanks,
> John
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

Todd Grayson
Customer Operations Engineering
Security SME