[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: importing an existing base into ldap

To: Javier Palacios <javiplx@gmail.com>
Subject: Re: importing an existing base into ldap
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Tue, 27 May 2008 13:56:38 +0200
CC: heimdal-discuss@sics.se
In-Reply-To: <a64bf030805250256i5a9101a4xc6bbfa3f63a51e69@mail.gmail.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <48343A75.2020100@inria.fr> <a64bf030805220055v221c1f4m8c771bc69684fc8f@mail.gmail.com> <48352B55.60606@inria.fr> <a64bf030805220121j1d4ea83l9c6dcf7485b6b1ba@mail.gmail.com> <4836CDD8.3020204@inria.fr> <a64bf030805250256i5a9101a4xc6bbfa3f63a51e69@mail.gmail.com>
Reply-To: heimdal-discuss@sics.se, Guillaume Rousse <Guillaume.Rousse@inria.fr>
User-Agent: Thunderbird 2.0.0.14 (X11/20080504)

Javier Palacios a écrit :
>> 2008-05-23T15:38:48 hdb_store: ldap_add_s: noe@LILLE.FUTURS.INRIA.FR
>> (DN=krb5PrincipalName=noe@LILLE.FUTURS.INRIA.FR,ou=kerberos,dc=futurs,dc=inria,dc=fr-NEW)
>> Server is unwilling to perform: no global superior knowledge
>>
> 
> No idea about the -NEW but another alternative approach. It is so
> obvious that might be not attempted. Just dump your current KDC, setup
> a new heimdal-ldap and restore the principals from the dump.
I sometimes feel stupid...

OK, it works, but it chokes on some principals, by trying to create 
entries without the attribute used in the DN:

kadmin: db_store: ldap_modify_s: 
http/ovirt2.lille.inria.fr@LILLE.FUTURS.INRIA.FR 
(DN=krb5PrincipalName=HTTP/ovirt2.lille.inria.fr@LILLE.FUTURS.INRIA.FR,ou=kerberos,dc=futurs,dc=inria,dc=fr) 
Naming violation: value of naming attribute 'krb5PrincipalName' is not 
present in entry

Looking at the dump, it seems to be a case issue, as I got a 
HTTP/ovirt2.lille.inria.fr@LILLE.FUTURS.INRIA.FR principal, imported 
correctly, followed by a 
http/ovirt2.lille.inria.fr@LILLE.FUTURS.INRIA.FR one, which triggered
the error.

According to the ldap schema, krb5PrincipalName is case sensitive 
(EQUALITY caseExactIA5Match), so should be the DN also.
-- 
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62

Follow-Ups:
- Re: importing an existing base into ldap
  - From: Love Hörnquist Åstrand <lha@kth.se>

References:
- importing an existing base into ldap
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
- Re: importing an existing base into ldap
  - From: "Javier Palacios" <javiplx@gmail.com>
- Re: importing an existing base into ldap
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
- Re: importing an existing base into ldap
  - From: "Javier Palacios" <javiplx@gmail.com>
- Re: importing an existing base into ldap
  - From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
- Re: importing an existing base into ldap
  - From: "Javier Palacios" <javiplx@gmail.com>

Prev by Date: Re: smbk5pwd crash for missing symbol
Next by Date: Alternative Medicine Contact List and many more from other medical professions
Prev by thread: Re: importing an existing base into ldap
Next by thread: Re: importing an existing base into ldap
Index(es):
- Date
- Thread