1 |
> I have been experiencing problems with the recent openldap upgrade from 2.1 |
2 |
> branch to 2.2. I followed the directions in the ebuild as directed, and I |
3 |
> seem to be hung up on one (maybe 2) problem. The new version of openldap |
4 |
> doesn't seem to know what to do with this directive: |
5 |
> password-hash {CLEARTEXT} |
6 |
> |
7 |
> I changed the directive to {SSHA}, then re-followed the steps in the ebuild |
8 |
> for rebuilding the database. Everything seems to work fine for openldap |
9 |
> now, but I _was_ using it as the backend for kerberos authentication, and |
10 |
> kerberos doesn't like it at all: |
11 |
> kadmin -l |
12 |
> kadmin> list * |
13 |
> kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server |
14 |
> kadmin: kadm5_get_principals: Wrong database version |
15 |
|
16 |
Is this something I should post to an OpenLDAP list? The "password-hash |
17 |
{CLEARTEXT}" thing seems pretty standard, and is documented in openldap |
18 |
documentation and the man pages. I would find it hard to believe that it |
19 |
just became obsolete and I am the only one with problems. |
20 |
|
21 |
Also, perhaps I am looking at the problem wrong. Maybe it's an issue with |
22 |
kerberos in some way. I am a little short on my understanding of how |
23 |
kerberos passwords get hashed and stored in openldap, so maybe there is an |
24 |
answer there. |
25 |
|
26 |
I am using SASL and Heimdal kerberos. A search phrase on google, a direction, |
27 |
anything at this point would assist. |
28 |
|
29 |
Thank you for your time :) |
30 |
|
31 |
Robert |
32 |
-- |
33 |
gentoo-server@g.o mailing list |