I had a brief look at the scripts - well, the idea to understand the relevant parts and reproduce on my own seems laborous at least. I guess I'll set up a VM, install your system and try to understand, what it did.
Thank you, - lars. Am 06.11.2016 um 11:25 schrieb t Seeger: > Hello, > > I made a installer script to setup a Kerberos server with ldap > backend. It is for ubuntu or debian only. The script is not perfect > and for testing, but should guide you in the right direction. You can > find it under: https://wp.tntnet.eu/?p=112 > > Thorsten > > Von meinem iPhone gesendet > > Am 05.11.2016 um 22:03 schrieb Dr. Lars Hanke <deb...@lhanke.de > <mailto:deb...@lhanke.de>>: > >> I'm currently setting up a new KDC for a new domain. I also have a shiny >> new LDAP. I want Kerberos to use LDAP as backend. LDAP connectivity is >> fine, there is no specific data in it yet. >> >> Trying to create the Kerberos container, I get the following error: >> >> kdb5_ldap_util -D cn=admin,dc=microsult,dc=de create -subtrees >> dc=microsult,dc=de -r UAC.MICROSULT.DE -s -H ldap:/// >> Password for "cn=admin,dc=microsult,dc=de": >> Initializing database for realm 'UAC.MICROSULT.DE' >> You will be prompted for the database Master Password. >> It is important that you NOT FORGET this password. >> Enter KDC database master key: >> Re-enter KDC database master key to verify: >> kdb5_ldap_util: Kerberos Container create FAILED: Object class violation >> while creating realm 'UAC.MICROSULT.DE' >> >> I read somewhere that this may be due to the kerberos container not >> being a CN attribute. Actually I see in the debug trace of OpenLDAP that >> it denies dc=microsult,dc=de since it's not a CN. >> >> Am I supposed to create a CN node under my TLD and use this? I don't >> quite understand how the final layout in LDAP is supposed to be and how >> to put that into arguments for kdb5_ldap_util. >> >> Any closer explanation is appreciated. Thanks for your help, >> >> - lars. >> >> >> ________________________________________________ >> Kerberos mailing list Kerberos@mit.edu <mailto:Kerberos@mit.edu> >> https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
