Do you have a specific guide or sequence you followed? 1. apt-get install slapd krb5* heimdal-kdc .. etc?
And then the various config changes applied? I'll keep digging. On Wed, Jul 20, 2016 at 11:31 AM, Kartik Subbarao <[email protected]> wrote: > Hi Ryan, > > Thanks for looking into this. Unfortunately I don't have much to add to > my earlier response in this thread. Here are the only kerberos-related > types of lines that I have in slapd.conf: > > authz-regexp > uid=([^,]*),cn=([^,]*),cn=gssapi,cn=auth > ldap:///dc=example,dc=com??sub?(exampleKrb5PrincipalName=$1@$2) > sasl-realm EXAMPLE.COM > sasl-secprops minssf=0 > > As I mentioned before, I do have an /etc/krb5.keytab. ldapwhoami -Y > GSSAPI works fine. I don't know precisely how slapd ends up using kcm. > slapd is linked with libheimbase.so.1, so presumably it ends up calling > some heimdal library function that ends up accessing that socket. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1472639 > > Title: > apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1472639/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1472639 Title: apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1472639/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
