
Re: kadmind.acl failed after transferring principals to openldap

Hi Marco,  

Marco Hoehle <MHO@zurich.ibm.com> wrote:
> So set
> database = {
> acl_file = /var/heimdal/kadmin.acl
> m_key = bla
> dbname = ldap:bla ...
>
> and check if it is working then.


I have this section in my krb5.conf (not kdc.conf??)

        database = {
        acl_file = /var/heimdal/kadmind.acl
        mkey_file = /var/heimdal/m-key
        dbname  = ldap:ou=krb5accounts,dc=our,dc=domain,dc=com
        require-preauth = true
        allow-anonymous = false
#       enable-http = false
        check-ticket-addresses = true
        allow-null-ticket-addresses = false
        allow-anonymous = false
        kdc_warn_pwexpire = 7 days
        logging = SYSLOG

I then restarted the kdc and slapd processes and it still doesn't seem to recognize my kadmind.acl. In the kdc logs I can see these last 4 lines:

Jan  9 08:25:31 ldap kadmind[35519]: jay@OUR.REALM: LIST *
Jan  9 08:25:31 ldap kadmind[35519]: LIST: ldap_search_s: No such object
Jan  9 08:25:31 ldap kadmind[35519]: jay@OUR.REAL: GET *@OUR.REALM
Jan  9 08:25:31 ldap kadmind[35519]: GET: Operation requires `get' privilege

Does the error have something to do with the second line, "No such object"?
Any more ideas?

