| 1 |
Hello! |
| 2 |
|
| 3 |
I'm running a gentoo authentication server utilizing heimdal-kerberos, |
| 4 |
cyrus-sasl, and openldap. This setup has been running for roughly six months |
| 5 |
without problems, until an openldap upgrade rendered my kerberos |
| 6 |
implementation useless. |
| 7 |
|
| 8 |
I recently (early last month) made the following upgrade: |
| 9 |
openldap-2.1.30-r5 |
| 10 |
-to- |
| 11 |
openldap-2.2.28 |
| 12 |
|
| 13 |
I began by uninstalling the first instance, then installing the second |
| 14 |
instance. I had a slapcat copy of the DB, so I moved the original databases |
| 15 |
to a backup, performed a slapadd, and reset all of the file permissions. |
| 16 |
Upon the slapadd, I received an error stating that the configuration was |
| 17 |
broken. |
| 18 |
|
| 19 |
Upon looking into it, it was erroring out due to the "password-hash |
| 20 |
{CLEARTEXT}" option. I commented this out, it appears to be working now. |
| 21 |
|
| 22 |
I can execute searches and adds, but for some reason this upgrade has caused |
| 23 |
kerberos to begin having problems. When I try kinit, I receive this in |
| 24 |
syslog: |
| 25 |
[kdc] UNKNOWN -- user@MYREALM: Wrong database version |
| 26 |
|
| 27 |
I try the following: |
| 28 |
# kadmin -l |
| 29 |
kadmin> list * |
| 30 |
kadmin: opening database: ldap_sasl_bind_s: Can't contact LDAP server |
| 31 |
kadmin: kadm5_get_principals: Wrong database version |
| 32 |
kadmin> |
| 33 |
|
| 34 |
I had followed the steps in the ebuild for openldap, and it seems to me like |
| 35 |
this might be a problem with heimdal-kerberos, but I am not sure. I suppose |
| 36 |
it could even be a problem with cyrus-sasl. |
| 37 |
|
| 38 |
Any help or suggestions would be appreciated, |
| 39 |
|
| 40 |
Robert |
| 41 |
-- |
| 42 |
gentoo-server@g.o mailing list |
Archives