directory-users mailing list archives

From "Emmanuel Lecharny" <>
Subject Re: [ApacheDS] 1.5 Experience and Kerberos (any Kerberos experts out there?)
Date Mon, 23 Apr 2007 15:57:21 GMT

On 4/23/07, CORUM, M E [AG/1000] <> wrote:
> (Just an aside on the issue of not being able to load the ldif file on
> startup in Windows.  It appears to be somehow related to the filename
> itself.  I found that if the ldif filename started with "ad", then the
> weird parsing took place and it always failed.  Perhaps this is an issue
> that only occurs on Windows.)

Oh? Very strange... Maybe we have hardcoded a method to reject everything
containing AD on Windows ;). Nahhh.  Ok, can you post us a failing ldif file
starting with ad?

> Since I was trying to do Kerberos anyway, I found that
> kerberos-example.ldif file and modified it for my environment.  I was
> able to get it loaded.  I am using a different domain than
> so I'm wondering if something in the server is hard-coded to

No. We have a server.xml file which contains the configuration for this
partition, but nothing more.

> I had lots of trouble getting it to recognize anything
> other than  I do have a partition matching my new domain
> and was able to load the file from the startup and verify the entries in
> JXplorer.

Modifying the name in server.xml should be enough. If you had specific
troubles, then let us know. Maybe the doco is not good enough, and doco is
part of the product, so...


Just because I don't know anything about the kerberos part. Enrique, you
around ?

> Now, here is the bad part.  When I switch to have DEBUG
> as the log level, the server WON'T START!

Yeah, this is a *bad* bug we have in 1.5.0. It has been fixed in trunks, so
I engage you to download the sources and build the server. Here are the
instructions to do so:

Sorry about that :(

> When I flip back to INFO, the server starts fine but I can't get the
> deep details in the log.
> Can anybody help?

Hope I did, but if it's not enough, just ask again.

> By the way, I'm wondering if the default algorithm for the key is
> different.  I'm on Windows and used to using 23.  I noticed that the
> Krb5EncryptionType is 3 rather than 23 in the directory so I'll look
> into that to see if that is my problem with Kerberos.

Enrique again ?


Emmanuel Lécharny
