sorry "kerberos.ldif" not "schema.ldif" On Thu, Jun 30, 2016 at 10:00 AM, Todd Grayson <tgray...@cloudera.com> wrote:
> Is the file supposed to be schema.ldif once its converted that way? > > On Thu, Jun 30, 2016 at 9:58 AM, Todd Grayson <tgray...@cloudera.com> > wrote: > >> The discussion in the mail list I sent, the error emerged as it was >> parsing broken schema information in the file... >> >> On Thu, Jun 30, 2016 at 9:55 AM, Michael Aldridge < >> michael.aldri...@utdallas.edu> wrote: >> >>> Todd, >>> >>> You are correct that that is in ldif format. The ldap server gets built >>> up by using the bare minimum to get it online and then all the other >>> schemata and associated files are loaded in with the server online. >>> >>> The distro is Void Linux, with kerberos version 1.14.2. >>> >>> I must admit I'm struggling to see what you are seeing. The error text >>> to me sounds like it can't even find the ldap backend, much less try to >>> actually talk to it. Can you explain why you think this might be a >>> schema error? >>> >>> --Michael >>> >>> On 06/30/2016 09:06 AM, Todd Grayson wrote: >>> > Michael, I apologize but I'm not familiar with that kind of formatting >>> > for the kerberos.schema file... the one I'm looking at looks like this >>> > (segment). >>> > >>> > What linux distro/versions are you working over? >>> > >>> > That almost looks like the kind of format you would see converting the >>> > .schema to .ldif or something? >>> > >>> > Not being able to parse the schema file is what I was pointing out for >>> > that error... >>> > >>> > --- snip of kerberos.schema as provided in ubuntu --- >>> > >>> > attributetype ( 2.16.840.1.113719.1.301.4.1.1 >>> > NAME 'krbPrincipalName' >>> > EQUALITY caseExactIA5Match >>> > SUBSTR caseExactSubstringsMatch >>> > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) >>> > >>> > ... >>> > ... >>> > >>> > objectclass ( 2.16.840.1.113719.1.301.6.16.1 >>> > NAME 'krbTicketPolicyAux' >>> > SUP top >>> > AUXILIARY >>> > MAY ( krbTicketFlags $ krbMaxTicketLife $ >>> > krbMaxRenewableAge ) ) >>> > >>> > >>> > On Thu, Jun 30, 2016 at 12:48 AM, Michael Aldridge >>> > <michael.aldri...@utdallas.edu <mailto:michael.aldri...@utdallas.edu>> >>> > wrote: >>> > >>> > While I have not done an in depth comparison, my schema would >>> appear to >>> > just be a re-formatted version of the schema provided in the source >>> > tree. I believe I originally obtained it from an ubuntu release >>> > slightly more than a year ago. What is striking here is that this >>> all >>> > worked less than a month ago on my test platform. >>> > >>> > For the curious, here is the schema I'm using: >>> > >>> https://raw.githubusercontent.com/collegiumv/cv_config/master/roles/slapd/files/cn%3D%7B4%7Dkerberos.ldif >>> > >>> > --Michael >>> > >>> > On 06/30/2016 01:25 AM, Todd Grayson wrote: >>> > > Got schema issues? Perhaps? >>> > > >>> > > >>> http://blog.gmane.org/gmane.comp.encryption.kerberos.bugs/month=20131201 >>> > > >>> > > Magic google phrase: >>> > > >>> > > openldap kerberos schema "Unable to find requested database type" >>> > > >>> > > On Thu, Jun 30, 2016 at 12:18 AM, Michael Aldridge >>> > > <michael.aldri...@utdallas.edu >>> > <mailto:michael.aldri...@utdallas.edu> >>> > <mailto:michael.aldri...@utdallas.edu >>> > <mailto:michael.aldri...@utdallas.edu>>> >>> > > wrote: >>> > > >>> > > Greetings, >>> > > >>> > > I hope I am emailing the correct list and if I am not then >>> please accept >>> > > my apology. I am in the process of standing up a pair of >>> KDCs and I am >>> > > encountering this error when attempting to create the >>> initial password >>> > > stash for accessing the ldap server that backs the kerberos >>> database: >>> > > >>> > > kdb5_ldap_util: Unable to find requested database type while >>> setting up >>> > > lib handle >>> > > >>> > > The command I ran to get that error message is: >>> > > >>> > > sudo kdb5_ldap_util -D >>> "cn=krbAdmService,dc=collegiumv,dc=org" >>> > > stashsrvpw -f /var/krb5kdc/ldap.keyfile >>> > > "cn=krbAdmService,dc=collegiumv,dc=org" >>> > > >>> > > I have used my best google-fu but still come up empty. I >>> can see >>> > > several people who seem to have had the same issue, but I >>> cannot find a >>> > > solution. I appreciate any insight to this error. >>> > > >>> > > --Michael >>> > > >>> > > -- >>> > > Michael Aldridge >>> > > Network Administrator >>> > > Collegium V Honors College >>> > > The University of Texas at Dallas >>> > > ________________________________________________ >>> > > Kerberos mailing list Kerberos@mit.edu <mailto: >>> Kerberos@mit.edu> >>> > > <mailto:Kerberos@mit.edu <mailto:Kerberos@mit.edu>> >>> > > https://mailman.mit.edu/mailman/listinfo/kerberos >>> > > >>> > > >>> > > >>> > > >>> > > -- >>> > > Todd Grayson >>> > > Business Operations Manager >>> > > Customer Operations Engineering >>> > > Security SME >>> > > >>> > ________________________________________________ >>> > Kerberos mailing list Kerberos@mit.edu >>> > <mailto:Kerberos@mit.edu> >>> > https://mailman.mit.edu/mailman/listinfo/kerberos >>> > >>> > >>> > >>> > >>> > -- >>> > Todd Grayson >>> > Business Operations Manager >>> > Customer Operations Engineering >>> > Security SME >>> > >>> >>> ________________________________________________ >>> Kerberos mailing list Kerberos@mit.edu >>> https://mailman.mit.edu/mailman/listinfo/kerberos >>> >> >> >> >> -- >> Todd Grayson >> Business Operations Manager >> Customer Operations Engineering >> Security SME >> >> > > > -- > Todd Grayson > Business Operations Manager > Customer Operations Engineering > Security SME > > -- Todd Grayson Business Operations Manager Customer Operations Engineering Security SME ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos