|Date:||Tue, 03 Dec 2013 21:10:13 -0500|
|From:||Richard Basch <firstname.lastname@example.org>|
|Subject:||RE: Kerberos LDAP issues (1.11)|
|CC:||"'Richard Basch'" <email@example.com>, firstname.lastname@example.org|
In addition to the missing policy attributes I previously listed, it appears there are also missing principal attributes in the schema, such as:
From: Richard Basch [mailto:email@example.com]
Sent: Tuesday, December 03, 2013 8:55 PM
Cc: 'Richard Basch'; 'firstname.lastname@example.org'
Subject: Kerberos LDAP issues (1.11)
The schema on the web site is lacking various required attributes to support Kerberos with a LDAP backend.
When I tried creating a password policy, I encountered errors because of missing attribute definitions and discovered the following were lacking in the schema:
I also am encountering issues loading a dump file (i.e. doing a conversion). Even after resolving the above missing attribute definitions, I find about 1% of the principals fail to be loaded (when using kdb5_util load –update …)
<dumpfile>(line #): cannot store principal@REALM(Database store error)
<dumpfile>(line #): cannot read dump entry header
I plan to enable additional debugging to determine the cause of the above, but I know the dump file is fine because the same dump file can be loaded into a db2 backend without issue.