
touch-packages team mailing list archive

[Bug 1363897] Re: kdb5_ldap_util can not create krbContainer

 

Just appears to be an issue with the documentation, as noted by Gabriel's
previously linked bug report
https://bugs.launchpad.net/serverguide/+bug/1409392

Can confirm that following the guide but making the change highlighted
by
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1363897/comments/3
the containers look to have been created successfully and kadmin looks
populated. It was also able to add the Kerberos attributes to an
existing user in the LDAP database.

This was all without making any other changes, so regarding Rob's query
the kdb5_ldap_util create line stayed as is.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1363897

Title:
  kdb5_ldap_util  can not create krbContainer

Status in krb5 package in Ubuntu:
  Confirmed

Bug description:
  Following instructions on
  https://help.ubuntu.com/10.04/serverguide/kerberos-ldap.html
  creating the initial database with kdb5_ldap_util 
  (>>sudo kdb5_ldap_util -D cn=admin,dc=app,dc=tsn create -subtrees dc=app,dc=tsn -r APP.TSN -s -H ldap:///ldap01.app.tsn)
  fails with error message:
  >>kdb5_ldap_util: Kerberos Container create FAILED: Object class violation while creating realm 'APP.TSN'

  After reading these mails
  http://comments.gmane.org/gmane.comp.encryption.kerberos.general/18509
  and setting up loglevel for slapd in syslog, the following error message can be found:
  ----------
  Sep  1 09:52:19 ldap01 slapd[1165]: ==> hdb_add: dc=app,dc=tsn
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_required entry (dc=app,dc=tsn), objectClass "krbContainer"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "objectClass"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "cn"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "structuralObjectClass"
  Sep  1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "dc"
  Sep  1 09:52:19 ldap01 slapd[1165]: Entry (dc=app,dc=tsn), attribute 'dc' not allowed
  Sep  1 09:52:19 ldap01 slapd[1165]: hdb_add: entry failed schema check: attribute 'dc' not allowed (65)
  -----------

  System: 
  Ubuntu 14.04 LTS
  slapd          2.4.31-1+nmu amd64
  krb5-config    2.3
  krb5-kdc       1.12+dfsg-2u amd64
  krb5-kdc-ldap  1.12+dfsg-2u amd64
  krb5-locales   1.12+dfsg-2u 
  krb5-user      1.12+dfsg-2u amd64
