> I have been experiencing problems with the recent openldap upgrade from 2.1
> branch to 2.2. I followed the directions in the ebuild as directed, and I
> seem to be hung up on one (maybe 2) problem. The new version of openldap
> doesn't seem to know what to do with this directive:
> password-hash {CLEARTEXT}
>
> I changed the directive to {SSHA}, then re-followed the steps in the ebuild
> for rebuilding the database. Everything seems to work fine for openldap
> now, but I _was_ using it as the backend for kerberos authentication, and
> kerberos doesn't like it at all:
> kadmin -l
> kadmin> list *
> kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server
> kadmin: kadm5_get_principals: Wrong database version

Is this something I should post to an OpenLDAP list? The "password-hash
{CLEARTEXT}" thing seems pretty standard, and is documented in openldap
documentation and the man pages. I would find it hard to believe that it
just became obsolete and I am the only one with problems.

Also, perhaps I am looking at the problem wrong. Maybe it's an issue with
kerberos in some way. I am a little short on my understanding of how
kerberos passwords get hashed and stored in openldap, so maybe there is an
answer there.

I am using SASL and Heimdal kerberos. A search phrase on google, a direction,
anything at this point would assist.

Thank you for your time :)

Robert