I'm currently setting up a new KDC for a new domain. I also have a shiny new LDAP. I want Kerberos to use LDAP as backend. LDAP connectivity is fine, there is no specific data in it yet.

Trying to create the Kerberos container, I get the following error:

    kdb5_ldap_util -D cn=admin,dc=microsult,dc=de create -subtrees dc=microsult,dc=de -r UAC.MICROSULT.DE -s -H ldap:///
    Password for "cn=admin,dc=microsult,dc=de":
    Initializing database for realm 'UAC.MICROSULT.DE'
    You will be prompted for the database Master Password.
    It is important that you NOT FORGET this password.
    Enter KDC database master key:
    Re-enter KDC database master key to verify:
    kdb5_ldap_util: Kerberos Container create FAILED: Object class violation while creating realm 'UAC.MICROSULT.DE'

I read somewhere that this may be due to the kerberos container not being a CN attribute. Actually I see in the debug trace of OpenLDAP that it denies dc=microsult,dc=de since it's not a CN.

Am I supposed to create a CN node under my TLD and use this? I don't quite understand how the final layout in LDAP is supposed to be and how to put that into arguments for kdb5_ldap_util.

Any closer explanation is appreciated.

Thanks for your help,

- lars.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos