Thanks for the replies. I had found a walkthrough on setting up LDAP on its own on that site too:

https://community.hortonworks.com/articles/79806/how-to-setup-openldap-24-on-centos-7.html

And that explained how to set up the user with the access I needed - that got me past that error from my last email. Now I'm getting this:

$ kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
Password for "cn=admin,dc=example,dc=com":
Initializing database for realm 'EXAMPLE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_ldap_util: Kerberos Container create FAILED: No such object while creating realm 'EXAMPLE.COM'

I'll take a look at the tutorial you linked to, but I just thought I'd post this and see if anyone recognizes the error message.

-John

On Wed, Feb 6, 2019 at 11:49 AM Todd Grayson <tgray...@cloudera.com> wrote:

> I'm not sure what's going on with the error message you are seeing.
>
> As far as how to info: The hortonworks community has a walkthrough of MIT
> KDC with LDAP backend on CentOS7, here:
>
> https://community.hortonworks.com/articles/199542/configuring-kerberos-with-openldap-back-end.html
>
> On Tue, Feb 5, 2019 at 1:33 PM John Byrne <jhnb...@gmail.com> wrote:
>
>> Hi,
>>
>> I'm trying to set up the KDC with the LDAP plugin. I've been using:
>>
>> https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_ldap.html
>> and
>> https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/ldapbackend.html#ldap-be-ubuntu
>>
>> as references (I'm not using Ubuntu, I'm using CentOS 7 but most of the
>> info on the Ubuntu page above seems to be fairly generic).
>>
>> When I run the command to create the database, it challenges me for a
>> password. I didn't set one up, and if I just hit enter, I get this:
>>
>> $ sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
>> Password for "cn=admin,dc=example,dc=com":
>> kdb5_ldap_util: Cannot allocate memory while retrieving ldap configuration
>>
>> Now, I don't really know much about LDAP, so I could be missing something.
>> Do I have to create "cn=admin,dc=example,dc=com" as a user somehow before I
>> run this?
>>
>> I've tried reading up on LDAP, but I haven't found anything that explains
>> what I need to do here. I'm looking for a shortcut to the quickest possible
>> setup - I don't really need LDAP except that I'm trying to test constrained
>> delegation in a web application, and apparently that only works with the
>> LDAP backend.
>>
>> Can anyone explain what's the bare minimum I need to do to get this
>> working?
>>
>> Thanks,
>> John
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
> --
> Todd Grayson
> Customer Operations Engineering
> Security SME