[Touch-packages] [Bug 1363897] Re: kdb5_ldap_util can not create krbContainer

Fri, 05 Jun 2015 08:41:34 -0700 

Should the following lines also be changed?  E.g.:

  sudo kdb5_ldap_util -D  cn=admin,dc=example,dc=com create -subtrees \
    dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com

Does that dc=example,dc=com need to be replaced with
cn=krbContainer,dc=example,dc=com?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1363897

Title:
  kdb5_ldap_util  can not create krbContainer

Status in krb5 package in Ubuntu:
  Confirmed

Bug description:
  Following instructions on
  https://help.ubuntu.com/10.04/serverguide/kerberos-ldap.html
  creating the initial database with kdb5_ldap_util 
  (>>sudo kdb5_ldap_util -D cn=admin,dc=app,dc=tsn create -subtrees 
dc=app,dc=tsn -r APP.TSN -s -H ldap:///ldap01.app.tsn)
  fails with error message:
  >>kdb5_ldap_util: Kerberos Container create FAILED: Object class violation 
while creating realm 'APP.TSN'

  after reading these mails
  http://comments.gmane.org/gmane.comp.encryption.kerberos.general/18509
  setting up loglevel for slapd in syslog, following error message can be found:
  ----------
  Sep  1 09:52:19 ldap01 slapd[1165]: ==> hdb_add: dc=app,dc=tsn
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_required entry (dc=app,dc=tsn), 
objectClass "krbContainer"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "objectClass"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "cn"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type 
"structuralObjectClass"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "dc"
  Sep  1 09:52:19 ldap01 slapd[1165]: Entry (dc=app,dc=tsn), attribute 'dc' not 
allowed
  Sep  1 09:52:19 ldap01 slapd[1165]: hdb_add: entry failed schema check: 
attribute 'dc' not allowed (65)
  -----------

  System: 
  Ubuntu 14.04 LTS
  slapd          2.4.31-1+nmu amd64
  krb5-config    2.3
  krb5-kdc       1.12+dfsg-2u amd64
  krb5-kdc-ldap  1.12+dfsg-2u amd64
  krb5-locales   1.12+dfsg-2u 
  krb5-user      1.12+dfsg-2u amd64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1363897/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to