[16357] in Kerberos-V5-bugs


[krbdev.mit.edu #8832] Troubles with kdb5_ldap_util list staying

daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Tue Sep 10 20:12:29 2019

From: "Дилян Палаузов via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <ca844ea1db50452588ca03d9c3ab1a621881a7a9.camel@aegee.org>
Message-ID: <rt-4.4.4-79319-1568160742-980.8832-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8832":;
Date: Tue, 10 Sep 2019 20:12:22 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krb5-bugs-bounces@mit.edu
Content-Transfer-Encoding: 8bit


Tue Sep 10 20:12:22 2019: Request 8832 was acted upon.
 Transaction: Ticket created by dilyan.palauzov@aegee.org
       Queue: krb5
     Subject: Troubles with kdb5_ldap_util list staying silent
       Owner: Nobody
  Requestors: dilyan.palauzov@aegee.org
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8832 >


Hello,

for a Kerberos database using the LDAP backend, I have created a policy in kadmin.local.


kadmin.local:  listpols
expiring



$ ldapsearch -x  -D A -b cn=krbContainer  -w B -H ldapi://%2Fvar%2Frun%2Fldapi/ "(objectClass=krbPwdPolicy)" -LLL

does print it:

dn: cn=expiring,cn=AEGEE.ORG,cn=krbContainer
cn: expiring
objectClass: krbPwdPolicy
krbMaxPwdLife: 7776000
krbMinPwdLife: 0
krbPwdMinDiffChars: 2
krbPwdMinLength: 8
krbPwdHistoryLength: 1
krbPwdMaxFailure: 10
krbPwdFailureCountInterval: 0
krbPwdLockoutDuration: 3600
krbPwdAttributes: 0
krbPwdMaxLife: 0
krbPwdMaxRenewableLife: 0




But kdb5_ldap_util does not, whatever I do:

kdb5_ldap_util -w B1  -D A -H ldapi://%2Fvar%2Frun%2Fldapi/  list_policy -r AEGEE.ORG
→ Invalid credentials while initializing database

kdb5_ldap_util -w B  -D A -H ldapi://%2Fvar%2Frun%2Fldapi/  list_policy -r AEGEE.ORG ; echo $?
→ 0

I would have expected that just „kdb5_ldap_util list_policy”, without the -w, -D and -H parameters, would have printed the contained policies for the default realm, which happens to use the LDAP backend, but it does not work.

In kdc.conf I have

[realms]
AEGEE.ORG = {
admin_keytab =/usr/var/krb5kdc/kadm5.keytab
default_principal_flags = +forwardable +proxiable +renewable
key_stash_file = /usr/var/krb5kdc/.k5.AEGEE.ORG
max_renewable_life = 100h
default_principal_flags = +renewable
database_module = LDAP
}

[dbdefaults]
ldap_kerberos_container_dn = cn=krbContainer
ldap_kdc_dn = B
ldap_kadmind_dn = B
ldap_service_password_file = /usr/local/var/krb5kdc/admin.stash
                      
[dbmodules]
LDAP = {
  db_library = kldap
  ldap_servers = ldapi://%2Fvar%2Frun%2Fldapi
}



