Hi Dieter,
I did a "slaptest -f $configfile -F $path" command, here are the results :
/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif ---- ... olcModuleLoad: {0}back_bdb olcModuleLoad: {1}ppolicy.la olcModuleLoad: {2}smbk5pwd.la ...
/etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={2}smbk5pwd.ldif --- dn: olcOverlay={2}smbk5pwd objectClass: olcOverlayConfig objectClass: olcSmbK5PwdConfig olcOverlay: {2}smbk5pwd olcSmbK5PwdEnable: samba olcSmbK5PwdMustChange: 0 olcSmbK5PwdCanChange: 0 structuralObjectClass: olcSmbK5PwdConfig entryUUID: 4fffa030-4543-102f-8b00-5f29b421ba43 creatorsName: cn=config createTimestamp: 20100826095158Z entryCSN: 20100826095158.762397Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20100826095158Z
I still have the following errors : smbk5pwd: unable to find "krb5KDCEntry" objectClass. Aug 26 11:52:03 deathnote2 slapd[13165]: config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config: <olcSmbK5PwdEnable> handler exited with 1 Aug 26 11:52:03 deathnote2 slapd[13165]: slapd stopped.
I thought that if i specify "olcSmbK5PwdEnable" parameter, it doesn't look for the krb5KDCEntry attribute...
Thanks for your help, Smaine
----- Mail Original ----- De: "Dieter Kluenter" dieter@dkluenter.de À: openldap-technical@openldap.org Envoyé: Jeudi 26 Août 2010 11h12:47 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: Re: Samba, Openldap and ppolicy
smainklh@free.fr writes:
Now another error :(
@(#) $OpenLDAP: slapd 2.4.23 (Aug 24 2010 14:56:29) $ root@myserver:/root/openldap-2.4.23/debian/build/servers/slapd slapd[11666]: UNKNOWN attributeDescription "OLCSMBK5PWDENABLE" inserted. slapd[11666]: config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config,olcDatabase={1}bdb,cn=config:
The module smbk5pwd has not been loaded
Old fashion configuration file :
include /etc/ldap/schema/samba.schema ...
moduleload smbk5pwd.la ... overlay smbk5pwd smbk5pwd-enable samba
Overlay configuration :
dn: olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcSmbK5PwdConfig olcOverlay: {2}smbk5pwd olcSmbK5PwdEnable: samba
You didn't provide a cn={x}module,cn=config entry, so most likely you have not added an entry to load the module.
-Dieter
smainklh@free.fr writes:
Hi Dieter,
I did a "slaptest -f $configfile -F $path" command, here are the results :
/etc/ldap/slapd.d/cn=config/cn=module{0}.ldif
... olcModuleLoad: {0}back_bdb olcModuleLoad: {1}ppolicy.la olcModuleLoad: {2}smbk5pwd.la ...
/etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb/olcOverlay={2}smbk5pwd.ldif
dn: olcOverlay={2}smbk5pwd objectClass: olcOverlayConfig objectClass: olcSmbK5PwdConfig olcOverlay: {2}smbk5pwd olcSmbK5PwdEnable: samba olcSmbK5PwdMustChange: 0 olcSmbK5PwdCanChange: 0 structuralObjectClass: olcSmbK5PwdConfig entryUUID: 4fffa030-4543-102f-8b00-5f29b421ba43 creatorsName: cn=config createTimestamp: 20100826095158Z entryCSN: 20100826095158.762397Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20100826095158Z
I still have the following errors : smbk5pwd: unable to find "krb5KDCEntry" objectClass. Aug 26 11:52:03 deathnote2 slapd[13165]: config error processing olcOverlay={2}smbk5pwd,olcDatabase={1}bdb,cn=config: <olcSmbK5PwdEnable> handler exited with 1 Aug 26 11:52:03 deathnote2 slapd[13165]: slapd stopped.
I thought that if i specify "olcSmbK5PwdEnable" parameter, it doesn't look for the krb5KDCEntry attribute...
The krb5KDCentry objectClass is defined in smbK5pwd.c. If the module is properly loaded, this objectclass should be present. Are you sure that the module has been loaded at all?
-Dieter
Dieter Kluenter wrote:
The krb5KDCentry objectClass is defined in smbK5pwd.c. If the module is properly loaded, this objectclass should be present.
Nope, have a look at smbk5pwd.c. The heimdal LDAP schema has to be loaded separately.
Ciao, Michael.
Ok, thanks. What should i do ?
I installed the following packages from the debian unstable repository : ii slapd 2.4.23-3 OpenLDAP server (slapd) ii slapd-smbk5pwd 2.4.23-3 Keeps Samba and Kerberos passwords in sync w
Do i have to compile smbk5pwd or both of the above packages ? How could i load the heimdal ldap schema ?
Regards, Smaine
----- Mail Original ----- De: "Michael Ströder" michael@stroeder.com À: "Dieter Kluenter" dieter@dkluenter.de Cc: openldap-technical@openldap.org Envoyé: Jeudi 26 Août 2010 14h23:59 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: Re: Samba, Openldap and ppolicy
Dieter Kluenter wrote:
The krb5KDCentry objectClass is defined in smbK5pwd.c. If the module is properly loaded, this objectclass should be present.
Nope, have a look at smbk5pwd.c. The heimdal LDAP schema has to be loaded separately.
Ciao, Michael.
smainklh@free.fr writes:
Ok, thanks. What should i do ?
I installed the following packages from the debian unstable repository : ii slapd 2.4.23-3 OpenLDAP server (slapd) ii slapd-smbk5pwd 2.4.23-3 Keeps Samba and Kerberos passwords in sync w
Do i have to compile smbk5pwd or both of the above packages ? How could i load the heimdal ldap schema ?
the smbk5pwd/README clearly says:
To use the overlay, add: include <path to>/krb5-kdc.schema include <path to>/samba.schema moduleload <path to>smbk5pwd.so
You should probably check a debian repository for krb5-kdc.schema.
-Dieter
Michael Ströder michael@stroeder.com writes:
Dieter Kluenter wrote:
The krb5KDCentry objectClass is defined in smbK5pwd.c. If the module is properly loaded, this objectclass should be present.
Nope, have a look at smbk5pwd.c. The heimdal LDAP schema has to be loaded separately.
OK, found it in the DO_KRB5 function /* Make sure all of our necessary schema items are loaded */ ...
-Dieter
openldap-technical@openldap.org
-
Dieter Kluenter -
Michael Ströder -
smainklh@free.fr