Heimdal-04e & OpenLDAP 2.0.18
Hi,
I've run into a brick wall on this one. Trying to get heimdal and openldap
working together on FreeBSD 4.4-RELEASE.
Doing an ldapadd works fine for me, the problem:
# kadmin -l
kadmin> init TEST.NET
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: kadm5_create_principal: ldap_add_s: No such object
#
[snip]
====> cache_return_entry_r( 1 ): returned (0)
parent does not exist
send_ldap_result: conn=11 op=1 p=3
send_ldap_result: 10:dc=test,dc=net:parent does not exist
send_ldap_response: msgid=2 tag=105 err=32
ber_flush: 51 bytes to sd 13
0000: 30 31 02 01 02 69 2c 0a 01 20 04 10 64 63 3d 65 01...i,.. ..dc=t
0010: 69 72 63 6f 6d 2c 64 63 3d 6e 65 74 04 15 70 61 est,dc=net..pare
0020: 72 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 nt does not exis
0030: 69 73 74 t
ldap_write: want=51, written=51
0000: 30 31 02 01 02 69 2c 0a 01 20 04 10 64 63 3d 65 01...i,.. ..dc=t
0010: 69 72 63 6f 6d 2c 64 63 3d 6e 65 74 04 15 70 61 est,dc=net..pare
0020: 72 65 6e 74 20 64 6f 65 73 20 6e 6f 74 20 65 78 nt does not exis
0030: 69 73 74 t
conn=11 op=1 RESULT tag=105 err=32 text=parent does not exist
[/snip]
Obviously there is lots more data from slapd running in d -1. Also there is
the kdc-log file being generated, although it doesn't offer any insight as to
the problem.
heimdal was configured with openldap support ;)
It works fine using the normal method (i.e. without openldap) and as I said
before I can add entries using ldapadd.
[slapd.conf]
# slapd.conf ryand
#################################
# Global Configuration Directives
#################################
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
access to *
        by sockurl="^ldapi:///$" write
        by dn="cn=ryand,dc=test,dc=net" write
        by users=read
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
loglevel -1
#################################
# Global Database Definitions
#################################
database ldbm
readonly off
rootdn "cn=ryand,dc=test,dc=net"
rootpw secret
suffix "dc=test,dc=net"
#################################
# ldbm Database Definitions
#################################
cachesize 1000
dbcachesize 1000
directory /usr/local/var/openldap-ldbm
index default pres,eq
index objectClass,uid
index cn,sn eq,sub
mode 0600
[krb5.conf]
[libdefaults]
default_realm = TEST.NET
clockskew = 300
ticket_lifetime = 600
[realms]
        TEST.NET = {
                kdc = kerberos.test.net:88
                admin_server = kerberos.test.net:749
                kpasswd_server = kerberos.test.net:761
                default_domain = test.net
        }
[domain_realm]
.test.net = TEST.NET
test.net = TEST.NET
[kdc]
        database = {
                dbname = ldap:ou=KerberosPrincpals,dc=test,dc=net
                realm = TEST.NET
                mkey_file = /var/heimdal/m-key
                acl_file = /var/heimdal/kdc-acl
                log_file = /var/heimdal/kdc-log
        }
        ports = 88, 749
        # allow-null-ticket-addresses = TRUE
[kadmin]
default_keys = v5
require_preauth = no
[logging]
kadmind = FILE:/var/heimdal/kadmind.log
[...]
Any thoughts? Nothing of relevance turned up on google, etc.
####
Another issue, on OpenBSD 3.0 the make fails with a reference to _pidfile not
being defined. In heimdal-04e/lib/kadm5/Makefile (generated after configure) I
had to add ${LIB_pidfile} to LIBS = , (LIB_pidfile = -lutil). Whilst
compilation worked successfully, running the version of kstash that comes with
04e core dumps.
[gdb output]
ryand@openbsd-30-1 $ sudo gdb ./kstash kstash.core
GNU gdb 4.16.1
Copyright 1996 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd3.0"...
Core was generated by `kstash'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/local/lib/libldap.so.2.12...done.
Reading symbols from /usr/lib/libssl.so.5.1...done.
Reading symbols from /usr/local/lib/liblber.so.2.12...done.
Reading symbols from /usr/lib/libcrypto.so.5.1...done.
Reading symbols from /usr/lib/libc.so.28.0...done.
#0 0x640a in krb5_crypto_destroy (context=0x28000, crypto=0x0) at
crypto.c:2984
2984 for(i = 0; i < crypto->num_key_usage; i++)
(gdb) bt
#0 0x640a in krb5_crypto_destroy (context=0x28000, crypto=0x0) at
crypto.c:2984
#1 0x1d7a in hdb_free_master_key (context=0x28000, mkey=0x27140) at mkey.c:53
#2 0x1e77 in hdb_process_master_key (context=0x28000, kvno=1, key=0xdfbfd7ec,
etype=ETYPE_NULL, mkey=0xdfbfd794) at mkey.c:87
#3 0x1ed0 in hdb_add_master_key (context=0x28000, key=0xdfbfd7ec,
inout=0xdfbfd7d8) at mkey.c:103
#4 0x1b7e in main (argc=1, argv=0xdfbfdc3c) at kstash.c:111
(gdb) run
Starting program: /usr/heimdal/sbin/./kstash
Master key:
Verifying password - Master key:
Program received signal SIGSEGV, Segmentation fault.
0x640a in krb5_crypto_destroy (context=0x28000, crypto=0x0) at crypto.c:2984
2984 for(i = 0; i < crypto->num_key_usage; i++)
(gdb)
[/gdb output]
I can send you the core file and the ktrace.out file as well if you want them.
This was a joyous email to compose at 1.30am, I hope the responses are as much
fun :)
Dave.
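
An added example, not part of the original post: the slapd trace above dumps the AddResponse as raw BER, and this decoder pulls out the resultCode, matchedDN and diagnostic text that the `RESULT tag=105 err=32` line summarises. The sample bytes are constructed from the values in the trace's ASCII column, and the function names are this example's own.

```python
# Added example: decode the LDAPResult carried in an LDAP response PDU (BER).
RESULT_NAMES = {0: "success", 10: "referral", 32: "noSuchObject",
                68: "entryAlreadyExists"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV (definite lengths only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = octet count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_result(pdu):
    """Parse LDAPMessage { messageID, protocolOp { resultCode, matchedDN, text } }."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op_tag, op, _ = read_tlv(body, pos)    # 0x69 = 105 = AddResponse
    _, code, p = read_tlv(op, 0)           # resultCode (ENUMERATED)
    _, matched, p = read_tlv(op, p)        # matchedDN
    _, text, _ = read_tlv(op, p)           # diagnostic text
    code = int.from_bytes(code, "big")
    return {"msgid": int.from_bytes(msgid, "big"), "tag": op_tag,
            "err": code, "name": RESULT_NAMES.get(code, "other"),
            "matched_dn": matched.decode(), "text": text.decode()}

def tlv(tag, value):
    """Short-form encoder, used only to build the constructed sample below."""
    return bytes([tag, len(value)]) + value

# Constructed sample mirroring the fields in the trace (msgid=2, tag=105, err=32).
SAMPLE = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x69,
             tlv(0x0A, b"\x20")
             + tlv(0x04, b"dc=test,dc=net")
             + tlv(0x04, b"parent does not exist")))

if __name__ == "__main__":
    print(decode_ldap_result(SAMPLE))
```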