Thanks for the help. Yes that was the problem and I will use the users list to post questions too. Basically what I am tring to do is modify ApacheDS, in such a way that it uses some other directory... other than the datastore of apacheDs to lookup users and their information.
Can you give me some pointers.
I was thinking that would it be easier, if I use referrals, to look up users then I might not have to modfiy anything in apacheDs what are you thoughts

On 10/24/07, Enrique Rodriguez <> wrote:
On 10/20/07, Abdullah Zahur <> wrote:
> Hi all.
> I have been trying to set the Apache DS with Kerberos enabled. I am using
> the original server.xml that comes with apacheds code with out any changes
> and am using the Kerberos-example.ldif that also comes with the code....
> without modifications.
>  ...

It sounds like you need to un-comment the XML stanza that enables the
KeyDerivationService in the server.xml.  This service (interceptor)
intercepts writes of the user password to automatically derive the
keys required for Kerberos operation.  With the interceptor enabled,
you can either re-write the passwords using the LDAP protocol or you
can delete your database and reload the principals via LDIF import.

BTW, we have a users@ mailing list for user questions.