directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aleksandar Vidakovic <spa...@gmx.net>
Subject Re: Kerberos configuration with wrong user DN...
Date Tue, 15 Jan 2008 12:33:30 GMT
Emmanuel,

does it make a difference if I'm using version 1.5.1 or 1.0.2 (except
the obvious configuration differences)?

Because I was using 1.5.1 and after reading the articles on the website
a little bit more carefully it seems to me that 1.5.1 is some kind of
developer version...

Thanks again...

Cheers,

Aleks

Emmanuel Lecharny wrote:
> Aleksandar Vidakovic wrote:
>> As I understand it this means that the client is sending the right
>> information and something is badly configured on the ApacheDS side.
>> Right?
>>   
> Correct. It seems that the server is still looking in the wrong place :
> 
> [org.apache.directory.server.core.partition.DefaultPartitionNexus] -
> Check if DN
> '2.5.4.11=users,0.9.2342.19200300.100.1.25=example,0.9.2342.19200300.100.1.25=com'
> 
> 
> 
> 
> Is the new server.xml in place ? Has the server been restarted? Are you
> sure that the server.xml used is not the previous one ?
>> And then a little bit further I see this:
>>
>> [log]
>>
>>         at
>> org.apache.directory.server.kerberos.shared.store.SingleBaseSearch.execute(SingleBaseSearch.java:104)
>>
>>         ... 32 more
>> [12:11:13] DEBUG
>> [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler]
>> - Responding to request with error:
>>         explanatory text:      Client not found in Kerberos database
>>         error code:            6
>>         clientPrincipal:       null
>>         client time:           20080115111113Z
>>         serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
>>         server time:           null
>>
>> [/log]
>>
>> This is something that I wouldn't expect here; I did a new ApacheDS
>> installation and this entry doesn't exist in my LDIF that I am
>> importing. Is this log entry caused by the kerberos client?
>>   
> I think that you don't run the good server, or that you are using a
> previous install somehow.


Mime
View raw message