
I configured LDAP with Kerberos authentication on my machine. After configuring it, I am unable to use kpasswd.

My krb5.conf file:

https://docs.zoho.com/writer/published.do?rid=cm31c11feb23f172345f8a4851ae80e504756

LDAP configuration

    dn: cn=config
    objectClass: olcGlobal
    cn: config
    olcArgsFile: /var/run/slapd/slapd.args
    olcAuthzRegexp: {0}uid=([^,]+),cn=ultrasound.zmedia.com,cn=gssapi,cn=auth uid=$1,ou=users,dc=ultrasound,dc=zmedia,dc=com
    olcLogLevel: stats
    olcPidFile: /var/run/slapd/slapd.pid
    olcSaslRealm: ULTRASOUND.ZMEDIA.COM
    olcToolThreads: 1

    dn: olcDatabase={1}hdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {1}hdb
    olcDbDirectory: /var/lib/ldap
    olcSuffix: dc=ultrasound,dc=zmedia,dc=com
    olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
    olcAccess: {1}to dn.subtree="ou=krb5,dc=ultrasound,dc=zmedia,dc=com" by dn="cn=adm-srv,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" write by dn="cn=kdc-srv,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" read by * none
    olcAccess: {2}to attrs=loginShell by self write by users read by * none
    olcAccess: {3}to dn.base="" by * read
    olcAccess: {4}to * by users read by * none
    olcLastMod: TRUE
    olcRootDN: uid=admin,ou=users,dc=ultrasound,dc=zmedia,dc=com
    olcDbCheckpoint: 512 30
    olcDbConfig: {0}set_cachesize 0 2097152 0
    olcDbConfig: {1}set_lk_max_objects 1500
    olcDbConfig: {2}set_lk_max_locks 1500
    olcDbConfig: {3}set_lk_max_lockers 1500
    olcDbIndex: objectClass eq
    olcDbIndex: uid eq

Error log

    ==> /var/log/kerberos/kdc.log <==
    May 20 19:51:30 bharathi krb5kdc[16333](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1369059690, etypes {rep=18 tkt=18 ses=18}, john@ULTRASOUND.ZMEDIA.COM for kadmin/changepw@ULTRASOUND.ZMEDIA.COM

    ==> /var/log/syslog <==
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=42 SEARCH RESULT tag=101 err=0 nentries=1 text=
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SRCH base="krbPrincipalName=skumar-0670@ULTRASOUND.ZMEDIA.COM,cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" scope=0 deref=0 filter="(objectClass=*)"
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SRCH attr=objectclass
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text=
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD dn="krbPrincipalName=john@ULTRASOUND.ZMEDIA.COM,cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com"
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD attr=krbLastSuccessfulAuth krbExtraData
    May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 RESULT tag=103 err=50 text=

1 Answer


Check the result code of the MODIFY request.

Answered 2013-05-20T15:23:46.377
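
The check the answer describes, as an added example that is not part of the original post: a Python script that pairs each slapd `MOD` operation with its `RESULT` line and decodes the `err` value using the result-code names from RFC 4511. The sample lines are copied from the question's syslog excerpt; the function name `failed_modifies` is an assumption of this example.

```python
import re

# LDAP result codes from RFC 4511 (subset that commonly appears on writes)
LDAP_RESULT = {
    0: "success",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
    65: "objectClassViolation",
}

# Lines taken from the syslog excerpt in the question (stats log level)
SAMPLE = '''\
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD dn="krbPrincipalName=john@ULTRASOUND.ZMEDIA.COM,cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com"
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD attr=krbLastSuccessfulAuth krbExtraData
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 RESULT tag=103 err=50 text=
'''

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
ERR = re.compile(r"\berr=(\d+)")


def failed_modifies(log_text):
    """Return one dict per MOD operation whose RESULT carries err != 0."""
    pending = {}    # (conn, op) -> record being assembled from MOD lines
    failures = []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        if rest.startswith("MOD dn="):
            pending[key] = {"conn": key[0], "op": key[1], "attrs": [],
                            "dn": rest[len("MOD dn="):].strip('"')}
        elif rest.startswith("MOD attr=") and key in pending:
            pending[key]["attrs"] = rest[len("MOD attr="):].split()
        elif rest.startswith("RESULT ") and key in pending:
            rec, e = pending.pop(key), ERR.search(rest)
            err = int(e.group(1)) if e else -1   # -1: RESULT line without err=
            if err != 0:
                rec.update(err=err, meaning=LDAP_RESULT.get(err, "unknown"))
                failures.append(rec)
    return failures


if __name__ == "__main__":
    for f in failed_modifies(SAMPLE):
        print(f"conn={f['conn']} op={f['op']} err={f['err']} ({f['meaning']}) "
              f"attrs={f['attrs']} dn={f['dn']}")
```

On the log in the question it reports op=44 with err=50 (insufficientAccessRights): the identity bound on conn=1092 was denied write access to krbLastSuccessfulAuth and krbExtraData on that principal entry.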