Hello!

I'm running a Gentoo authentication server utilizing heimdal-kerberos,
cyrus-sasl, and openldap. This setup has been running for roughly six months
without problems, until an openldap upgrade rendered my Kerberos
implementation useless.

I recently (early last month) made the following upgrade:
openldap-2.1.30-r5
-to-
openldap-2.2.28

I began by uninstalling the first instance, then installing the second
instance. I had a slapcat copy of the DB, so I moved the original databases
to a backup, performed a slapadd, and reset all of the file permissions.
Upon the slapadd, I received an error stating that the configuration was
broken.

Upon looking into it, it was erroring out due to the "password-hash
{CLEARTEXT}" option. I commented this out, and it appears to be working now.

I can execute searches and adds, but for some reason this upgrade has caused
Kerberos to begin having problems. When I try kinit, I receive this in
syslog:
[kdc] UNKNOWN -- user@MYREALM: Wrong database version

I try the following:
# kadmin -l
kadmin> list *
kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server
kadmin: kadm5_get_principals: Wrong database version
kadmin>

I had followed the steps in the ebuild for openldap, and it seems to me like
this might be a problem with heimdal-kerberos, but I am not sure. I suppose
it could even be a problem with cyrus-sasl.

Any help or suggestions would be appreciated,

Robert
--
gentoo-server@g.o mailing list