[17051] in Kerberos-V5-bugs
[krbdev.mit.edu #9182] bug in kdb5_ldap_util
daemon@ATHENA.MIT.EDU (Travis Bean via RT)
Wed Aug 27 01:05:29 2025
From: "Travis Bean via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: <CAFk47JiYykCQ11RapDWrbUy_AhGWNnhz9AoE=e+CCzMiDoRZZQ@mail.gmail.com>
Message-ID: <rt-4.4.3-2-726432-1756271122-291.9182-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9182":;
Date: Wed, 27 Aug 2025 01:05:22 -0400
Reply-To: rt-comment@krbdev.mit.edu
Wed Aug 27 01:05:22 2025: Request 9182 was acted upon.
Transaction: Ticket created by tbean74@gmail.com
Queue: krb5
Subject: bug in kdb5_ldap_util
Owner: Nobody
Requestors: tbean74@gmail.com
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9182 >

After I install Kerberos with an OpenLDAP backend, I cannot start
krb5-admin-server and krb5-kdc due to a malformed stash file.

When attempting to start krb5-admin-server, it produces the following error:

“Cannot bind to LDAP server ldapi:/// as
‘cn=adm-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
- while initializing database.”

When attempting to start krb5-kdc, it produces the following error:

“Cannot bind to LDAP server ldapi:/// as
‘cn=kdc-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
- while initializing database.”

I used the following test.sh Bash script for testing:

https://drive.google.com/file/d/1PWNAxH6Y0Sk3vBWd85JheG6DOSjmCFbq/view?usp=sharing

The part of this test.sh Bash script that is generating the stash file
is as follows:

    echo -ne "$ADMIN_PASSWORD\n$ADMIN_PASSWORD\n" | kdb5_ldap_util \
        -D uid=admin,ou=people,"$LDAP_BASE_DN" -w "$ADMIN_PASSWORD" stashsrvpw \
        -f /etc/krb5kdc/service.keyfile cn=kdc-srv,cn=krbContainer,"$LDAP_BASE_DN"

    echo -ne "$ADMIN_PASSWORD\n$ADMIN_PASSWORD\n" | kdb5_ldap_util \
        -D uid=admin,ou=people,"$LDAP_BASE_DN" -w "$ADMIN_PASSWORD" stashsrvpw \
        -f /etc/krb5kdc/service.keyfile cn=adm-srv,cn=krbContainer,"$LDAP_BASE_DN"

By the way, I am using Ubuntu Server 24.04.

Kind regards,
Travis Bean
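
Added example (not part of the report above and not MIT krb5 code): a shell check that inspects what a service keyfile holds for each service DN and compares it, as hex, with the password expected for that DN, without printing either value. It assumes each record has the form "<service DN>#{HEX}<hex of password>"; the function names, the sample keyfile and the sample passwords are constructed for this illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; not from the original report or from MIT krb5.
# Assumption: each keyfile record is "<service DN>#{HEX}<hex of password>".

# Lowercase hex of a string; no trailing newline is added to the input.
to_hex() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }

# check_stash_entry FILE DN PASSWORD
# Prints: ok | missing | duplicate | not-hex | mismatch
# Stashed and expected passwords are compared as hex and never printed.
check_stash_entry() {
    DN="$2" HEX="$(to_hex "$3")" awk '
        BEGIN { dn = tolower(ENVIRON["DN"]); hex = ENVIRON["HEX"] }
        { sub(/^[ \t]+/, "") }          # ignore leading whitespace
        /^[!#]/ { next }                # skip comment lines
        {
            i = index($0, "#")          # DN ends at the first "#"
            if (i == 0 || tolower(substr($0, 1, i - 1)) != dn) next
            n++; val = substr($0, i + 1)
        }
        END {
            rest = substr(val, 6)       # text after the 5-char {HEX} tag
            if (n == 0)      print "missing"
            else if (n > 1)  print "duplicate"
            else if (substr(val, 1, 5) != "{HEX}" ||
                     rest !~ /^([0-9A-Fa-f][0-9A-Fa-f])+$/) print "not-hex"
            else if (tolower(rest) != hex) print "mismatch"
            else             print "ok"
        }' "$1"
}

# Constructed sample keyfile: DNs from the report, passwords made up here.
demo_keyfile() {
    f=$(mktemp)
    {
        echo "cn=kdc-srv,cn=krbContainer,dc=example,dc=local#{HEX}$(to_hex 'Sample-Pw1')"
        echo "cn=adm-srv,cn=krbContainer,dc=example,dc=local#{HEX}$(to_hex 'other')"
    } > "$f"
    echo "$f"
}

KEYFILE=$(demo_keyfile)
for svc in kdc-srv adm-srv; do
    dn="cn=$svc,cn=krbContainer,dc=example,dc=local"
    echo "$svc: $(check_stash_entry "$KEYFILE" "$dn" 'Sample-Pw1')"
done
rm -f "$KEYFILE"
```

On the constructed keyfile this reports kdc-srv as ok and adm-srv as mismatch. On a real system the PASSWORD argument is the one set on the service DN's LDAP entry.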