← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #13167

[Bug 1363897] [NEW] kdb5_ldap_util can not create krbContainer

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Following instructions on
https://help.ubuntu.com/10.04/serverguide/kerberos-ldap.html
creating the initial database with kdb5_ldap_util 
(>>sudo kdb5_ldap_util -D cn=admin,dc=app,dc=tsn create -subtrees dc=app,dc=tsn -r APP.TSN -s -H ldap:///ldap01.app.tsn)
fails with error message:
>>kdb5_ldap_util: Kerberos Container create FAILED: Object class violation while creating realm 'APP.TSN'

after reading these mails
http://comments.gmane.org/gmane.comp.encryption.kerberos.general/18509
setting up loglevel for slapd in syslog, following error message can be found:
----------
Sep  1 09:52:19 ldap01 slapd[1165]: ==> hdb_add: dc=app,dc=tsn
Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_required entry (dc=app,dc=tsn), objectClass "krbContainer"
Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "objectClass"
Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "cn"
Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "structuralObjectClass"
Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "dc"
Sep  1 09:52:19 ldap01 slapd[1165]: Entry (dc=app,dc=tsn), attribute 'dc' not allowed
Sep  1 09:52:19 ldap01 slapd[1165]: hdb_add: entry failed schema check: attribute 'dc' not allowed (65)
-----------

System: 
Ubuntu 14.04 LTS
slapd          2.4.31-1+nmu amd64
krb5-config    2.3
krb5-kdc       1.12+dfsg-2u amd64
krb5-kdc-ldap  1.12+dfsg-2u amd64
krb5-locales   1.12+dfsg-2u 
krb5-user      1.12+dfsg-2u amd64

** Affects: krb5 (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "krb5.conf"
   https://bugs.launchpad.net/bugs/1363897/+attachment/4192162/+files/krb5.conf

** Package changed: nfs-utils (Ubuntu) => krb5 (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1363897

Title:
  kdb5_ldap_util  can not create krbContainer

Status in “krb5” package in Ubuntu:
  New

Bug description:
  Following instructions on
  https://help.ubuntu.com/10.04/serverguide/kerberos-ldap.html
  creating the initial database with kdb5_ldap_util 
  (>>sudo kdb5_ldap_util -D cn=admin,dc=app,dc=tsn create -subtrees dc=app,dc=tsn -r APP.TSN -s -H ldap:///ldap01.app.tsn)
  fails with error message:
  >>kdb5_ldap_util: Kerberos Container create FAILED: Object class violation while creating realm 'APP.TSN'

  after reading these mails
  http://comments.gmane.org/gmane.comp.encryption.kerberos.general/18509
  setting up loglevel for slapd in syslog, following error message can be found:
  ----------
  Sep  1 09:52:19 ldap01 slapd[1165]: ==> hdb_add: dc=app,dc=tsn
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_required entry (dc=app,dc=tsn), objectClass "krbContainer"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "objectClass"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "cn"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "structuralObjectClass"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "dc"
  Sep  1 09:52:19 ldap01 slapd[1165]: Entry (dc=app,dc=tsn), attribute 'dc' not allowed
  Sep  1 09:52:19 ldap01 slapd[1165]: hdb_add: entry failed schema check: attribute 'dc' not allowed (65)
  -----------

  System: 
  Ubuntu 14.04 LTS
  slapd          2.4.31-1+nmu amd64
  krb5-config    2.3
  krb5-kdc       1.12+dfsg-2u amd64
  krb5-kdc-ldap  1.12+dfsg-2u amd64
  krb5-locales   1.12+dfsg-2u 
  krb5-user      1.12+dfsg-2u amd64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1363897/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next