Hello!
I'm running a gentoo authentication server utilizing heimdal-kerberos,
cyrus-sasl, and openldap. This setup has been running for roughly six months
without problems, until an openldap upgrade rendered my kerberos
implementation useless.
I recently (early last month) made the following upgrade:
openldap-2.1.30-r5
-to-
openldap-2.2.28
I began by uninstalling the first instance, then installing the second
instance. I had a slapcat copy of the DB, so I moved the original databases
to a backup, performed a slapadd, and reset all of the file permissions.
Upon the slapadd, I received an error stating that the configuration was
broken.
Upon looking into it, it was erroring out due to the "password-hash
{CLEARTEXT}" option. I commented this out, it appears to be working now.
I can execute searches and adds, but for some reason this upgrade has caused
kerberos to begin having problems. When I try kinit, I receive this in
syslog:
[kdc] UNKNOWN -- [EMAIL PROTECTED]: Wrong database version
I try the following:
# kadmin -l
kadmin> list *
kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server
kadmin: kadm5_get_principals: Wrong database version
kadmin>
I had followed the steps in the ebuild for openldap, and it seems to me like
this might be a problem with heimdal-kerberos, but I am not sure. I suppose
it could even be a problem with cyrus-sasl.
Any help or suggestions would be appreciated,
Robert
--
[email protected] mailing list
