directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "CORUM, M E [AG/1000]" <>
Subject RE: [ApacheDS] 1.5 Experience and Kerberos (any Kerberos experts out there?)
Date Mon, 23 Apr 2007 16:19:53 GMT

Yes, you've been helpful.  If I can't figure out anything else to try, I'll go ahead and build
the latest from the trunk.  Anyway, I tried des-cbc-md5 for the encryption type and still
got the same error.  I thought that was type 3 but I could be mistaken.

Enrique, are you out there?


-----Original Message-----
From: Emmanuel Lecharny [] 
Sent: Monday, April 23, 2007 10:57 AM
Subject: Re: [ApacheDS] 1.5 Experience and Kerberos (any Kerberos experts out there?)


On 4/23/07, CORUM, M E [AG/1000] <> wrote:
> (Just an aside on the issue of not being able to load the ldif file on
> startup in Windows.  It appears to be somehow related to the filename
> itself.  I found that if the ldif filename started with "ad", then the
> weird parsing took place and it always failed.  Perhaps this is an issue
> that only occurs on Windows.)

Oh? Very strange... Maybe we have hardcoded a method to reject everithing
containing AD on windows ;). Nahhh.  Ok, can you post us a failing ldif file
starting with ad ?

Since I was trying to do Kerberos anyway, I found that
> kerberos-example.ldif file and modified it for my environment.  I was
> able to get it loaded.  I am using a different domain than
> so I'm wondering if something in the server is hard-coded to

No. We have a server.xml file which contains the configuration for this
partition, but nothing more.

 I had lots of trouble getting it to recognize anything
> other than  I do have a partition matching my new domain
> and was able to load the file from the startup and verify the entries in
> JXplorer.

Modifying the name in server.xml should be enough. If you had specific
troubles, then let us know. May be the doco is not good enough, and doco is
part of the product, so...


Just because I don't know anyhing about the kerberos part. Enrique, you
around ?

Now, here is the bad part.  When I switch to have DEBUG
> as the log level, the server WON'T START!

yeah, this is a *bad* bug we have in 1.5.0. It has been fixed in trunks, so
I engage you to download the sources and build the server. here are the
instructions to do so :

Sorry about that :(

 When I flip back to INFO, the server starts fine but I can't get the
> deep details in the log.
> Can anybody help?

Hope I did, but if it's not enough, just ask again.

By the way, I'm wondering if the default algorithm for the key is
> different.  I'm on Windows and use to using 23.  I noticed that the
> Krb5EncryptionType is 3 rather than 23 in the directory so I'll look
> into that to see if that is my problem with Kerberos.

Enrique again ?


Emmanuel L├ęcharny

This e-mail message may contain privileged and/or confidential information, and is intended
to be received only by persons entitled to receive such information. If you have received
this e-mail in error, please notify the sender immediately. Please delete it and all attachments
from any servers, hard drives or any other media. Other use of this e-mail by you is strictly

All e-mails and attachments sent and received are subject to monitoring, reading and archival
by Monsanto. The recipient of this e-mail is solely responsible for checking for the presence
of "Viruses" or other "Malware". Monsanto accepts no liability for any damage caused by any
such code transmitted by or accompanying this e-mail or any attachment.

View raw message