| 1 |
> I have been experiencing problems with the recent openldap upgrade from 2.1 |
| 2 |
> branch to 2.2. I followed the directions in the ebuild as directed, and I |
| 3 |
> seem to be hung up on one (maybe 2) problem. The new version of openldap |
| 4 |
> doesn't seem to know what to do with this directive: |
| 5 |
> password-hash {CLEARTEXT} |
| 6 |
> |
| 7 |
> I changed the directive to {SSHA}, then re-followed the steps in the ebuild |
| 8 |
> for rebuilding the database. Everything seems to work fine for openldap |
| 9 |
> now, but I _was_ using it as the backend for kerberos authentication, and |
| 10 |
> kerberos doesn't like it at all: |
| 11 |
> kadmin -l |
| 12 |
> kadmin> list * |
| 13 |
> kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server |
| 14 |
> kadmin: kadm5_get_principals: Wrong database version |
| 15 |
|
| 16 |
Is this something I should post to an OpenLDAP list? The "password-hash |
| 17 |
{CLEARTEXT}" thing seems pretty standard, and is documented in openldap |
| 18 |
documentation and the man pages. I would find it hard to believe that it |
| 19 |
just became obsolete and I am the only one with problems. |
| 20 |
|
| 21 |
Also, perhaps I am looking at the problem wrong. Maybe it's an issue with |
| 22 |
kerberos in some way. I am a little short on my understanding of how |
| 23 |
kerberos passwords get hashed and stored in openldap, so maybe there is an |
| 24 |
answer there. |
| 25 |
|
| 26 |
I am using SASL and Heimdal kerberos. A search phrase on google, a direction, |
| 27 |
anything at this point would assist. |
| 28 |
|
| 29 |
Thank you for your time :) |
| 30 |
|
| 31 |
Robert |
| 32 |
-- |
| 33 |
gentoo-server@g.o mailing list |
Archives