Hi Marco,
Marco Hoehle <MHO@zurich.ibm.com> wrote:
> So set
> database = {
>     acl_file = /var/heimdal/kadmin.acl
>     m_key = bla
>     dbname = ldap:bla ...
> }
> and check if it is working then.
> Regards
> marco
I have this section in my krb5.conf (not kdc.conf??)
[kdc]
    database = {
        acl_file = /var/heimdal/kadmind.acl
        mkey_file = /var/heimdal/m-key
        dbname = ldap:ou=krb5accounts,dc=our,dc=domain,dc=com
    require-preauth = true
    allow-anonymous = false
    # enable-http = false
    check-ticket-addresses = true
    allow-null-ticket-addresses = false
    allow-anonymous = false
    kdc_warn_pwexpire = 7 days
    logging = SYSLOG
    }
I then restarted the kdc and slapd processes and it still doesn't seem to recognize my kadmind.acl. In the kdc logs I can see these last 4 lines:
Jan 9 08:25:31 ldap kadmind[35519]: jay@OUR.REALM: LIST *
Jan 9 08:25:31 ldap kadmind[35519]: LIST: ldap_search_s: No such object
Jan 9 08:25:31 ldap kadmind[35519]: jay@OUR.REAL: GET *@OUR.REALM
Jan 9 08:25:31 ldap kadmind[35519]: GET: Operation requires `get' privilege
Does the error have something to do with the second line, "No such object"?
Any more ideas?
Thanks.