Just appears to be an issue with the documentation as noted by Gabriels previously linked bug report https://bugs.launchpad.net/serverguide/+bug/1409392
Can confirm that following the guide but making the change highlighted by https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1363897/comments/3 the containers look to have been created successfully and kadmin looks populated, it was also able to add the kerberos attributes to an existing user in the ldap database. This was all without making any other changes, so regarding Rob's query the kdb5_ldap_util create line stayed as is. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1363897 Title: kdb5_ldap_util can not create krbContainer Status in krb5 package in Ubuntu: Confirmed Bug description: Following instructions on https://help.ubuntu.com/10.04/serverguide/kerberos-ldap.html creating the initial database with kdb5_ldap_util (>>sudo kdb5_ldap_util -D cn=admin,dc=app,dc=tsn create -subtrees dc=app,dc=tsn -r APP.TSN -s -H ldap:///ldap01.app.tsn) fails with error message: >>kdb5_ldap_util: Kerberos Container create FAILED: Object class violation while creating realm 'APP.TSN' after reading these mails http://comments.gmane.org/gmane.comp.encryption.kerberos.general/18509 setting up loglevel for slapd in syslog, following error message can be found: ---------- Sep 1 09:52:19 ldap01 slapd[1165]: ==> hdb_add: dc=app,dc=tsn Sep 1 09:52:19 ldap01 slapd[1165]: oc_check_required entry (dc=app,dc=tsn), objectClass "krbContainer" Sep 1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "objectClass" Sep 1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "cn" Sep 1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "structuralObjectClass" Sep 1 09:52:19 ldap01 slapd[1165]: oc_check_allowed type "dc" Sep 1 09:52:19 ldap01 slapd[1165]: Entry (dc=app,dc=tsn), attribute 'dc' not allowed Sep 1 09:52:19 ldap01 slapd[1165]: hdb_add: entry failed schema check: attribute 'dc' not allowed (65) ----------- System: Ubuntu 14.04 LTS slapd 2.4.31-1+nmu amd64 krb5-config 2.3 krb5-kdc 1.12+dfsg-2u amd64 krb5-kdc-ldap 1.12+dfsg-2u amd64 krb5-locales 1.12+dfsg-2u krb5-user 1.12+dfsg-2u amd64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1363897/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
