In case anyone has a similar issue, I was able to get it set up eventually. The problem was that I needed to create the "dc=example,dc=com" entry first. I don't understand why I was able to create a rootdn user called "cn=admin,dc=example,dc=com" if "dc=example,dc=com" doesn't exist, but anyway I created a ldif file like this:

dn: dc=example,dc=com
objectClass: domain

And after running ldapmodify on that, I was able to finish creating the krb5 database.

Thanks,
John

On Wed, Feb 6, 2019 at 12:21 PM John Byrne <[email protected]> wrote:

> Thanks for the replies. I had found a walkthrough on setting up LDAP on
> its own on that site too:
>
> https://community.hortonworks.com/articles/79806/how-to-setup-openldap-24-on-centos-7.html
>
> And that explained how to set up the user with the access I needed - that
> got me past that error from my last email.
>
> Now I'm getting this:
>
> $ kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
> Password for "cn=admin,dc=example,dc=com":
> Initializing database for realm 'EXAMPLE.COM'
> You will be prompted for the database Master Password.
> It is important that you NOT FORGET this password.
> Enter KDC database master key:
> Re-enter KDC database master key to verify:
> kdb5_ldap_util: Kerberos Container create FAILED: No such object while creating realm 'EXAMPLE.COM'
>
> I'll take a look at the tutorial you linked to, but I just thought I'd
> post this and see if anyone recognizes the error message.
>
> -John
>
>
> On Wed, Feb 6, 2019 at 11:49 AM Todd Grayson <[email protected]>
> wrote:
>
>> I'm not sure what's going on with the error message you are seeing.
>>
>> As far as how-to info: The Hortonworks community has a walkthrough of MIT
>> KDC with LDAP backend on CentOS7, here:
>>
>> https://community.hortonworks.com/articles/199542/configuring-kerberos-with-openldap-back-end.html
>>
>> On Tue, Feb 5, 2019 at 1:33 PM John Byrne <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I'm trying to set up the KDC with the LDAP plugin. I've been using:
>>>
>>> https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_ldap.html
>>> and
>>> https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/ldapbackend.html#ldap-be-ubuntu
>>>
>>> as references (I'm not using Ubuntu, I'm using CentOS 7 but most of the
>>> info on the Ubuntu page above seems to be fairly generic).
>>>
>>> When I run the command to create the database, it challenges me for a
>>> password. I didn't set one up, and if I just hit enter, I get this:
>>>
>>> $ sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldapi:/// create -s
>>> Password for "cn=admin,dc=example,dc=com":
>>> kdb5_ldap_util: Cannot allocate memory while retrieving ldap configuration
>>>
>>> Now, I don't really know much about LDAP, so I could be missing something.
>>> Do I have to create "cn=admin,dc=example,dc=com" as a user somehow before I
>>> run this?
>>>
>>> I've tried reading up on LDAP, but I haven't found anything that explains
>>> what I need to do here. I'm looking for a shortcut to the quickest possible
>>> setup - I don't really need LDAP except that I'm trying to test constrained
>>> delegation in a web application, and apparently that only works with the
>>> LDAP backend.
>>>
>>> Can anyone explain what's the bare minimum I need to do to get this
>>> working?
>>>
>>> Thanks,
>>> John
>>> ________________________________________________
>>> Kerberos mailing list [email protected]
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>
>>
>> --
>> Todd Grayson
>> Customer Operations Engineering
>> Security SME
>>
>>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
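
The fix from the top message, as an added shell example that is not part of the original e-mails: check that the suffix entry exists and add it if it is missing, then create the realm. The suffix, bind DN and URI are the thread's values; simple bind (`-x`) is an assumption, and the generated LDIF also carries the `dc` attribute, which the `domain` object class requires.

```shell
#!/bin/sh
# Added example: make sure the suffix entry exists before `kdb5_ldap_util create`.
# Values below are the ones used in the thread; simple bind (-x) is assumed.
SUFFIX="dc=example,dc=com"
BIND_DN="cn=admin,dc=example,dc=com"
LDAP_URI="ldapi:///"

# Print the LDIF for a dc-style suffix entry. The `domain` object class
# requires the `dc` attribute, so it is derived from the first RDN.
suffix_ldif() (
    rdn=${1%%,*}            # first RDN, e.g. "dc=example"
    attr=${rdn%%=*}
    value=${rdn#*=}
    if [ "$attr" != "dc" ] || [ -z "$value" ]; then
        echo "suffix_ldif: only dc=... suffixes are handled: $1" >&2
        exit 1
    fi
    printf 'dn: %s\nobjectClass: domain\ndc: %s\n' "$1" "$value"
)

# Base-scope search for the suffix. The OpenLDAP tools exit with the LDAP
# result code, so 32 means noSuchObject (the entry is missing).
ensure_suffix() {
    rc=0
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$SUFFIX" -s base '(objectClass=*)' dn >/dev/null || rc=$?
    case $rc in
        0)  echo "$SUFFIX already exists" ;;
        32) echo "$SUFFIX missing, adding it"
            suffix_ldif "$SUFFIX" | ldapadd -x -H "$LDAP_URI" -D "$BIND_DN" -W ;;
        *)  echo "ldapsearch failed with exit code $rc" >&2; return "$rc" ;;
    esac
}

# Only touch the directory when asked to; then create the realm as in the thread.
if [ "${1:-}" = "--apply" ]; then
    ensure_suffix && kdb5_ldap_util -D "$BIND_DN" -H "$LDAP_URI" create -s
fi
```

Run it with `--apply` on the KDC host; without that argument it only defines the functions.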
