KDC with LDAP backend can't add principal


Micro dong

I am trying to install a KDC with an OpenLDAP backend, following
instructions found on the MIT kerberos site. Installation went fine and I
can see that the default principals have been created.

However, I cannot add new principals:

    kadmin.local -q "addprinc -randkey test001"
    Authenticating as principal root/[hidden email] with password.
    WARNING: no policy specified for [hidden email]; defaulting to no policy
    add_principal: Principal add failed: Insufficient access while
    creating "[hidden email]".

And my ACL in OpenLDAP is:

access to dn.base=""
    by * read

access to dn.base="cn=Subschema"
    by * read

access to attrs=userPassword,userPKCS12
    by self write
    by * auth

access to attrs=shadowLastChange
    by self write
    by * read

# Providing access to realm container
access to dn.subtree="cn=HADOOP.COM,cn=kerberos,dc=xitong,dc=qh,dc=com"
    by dn.exact="uid=krb5kdc,cn=krbcontainer,dc=xitong,dc=qh,dc=com" write
    by dn.exact="uid=kadmind,cn=krbcontainer,dc=xitong,dc=qh,dc=com" write
    by * none

access to *
    by * read

Any help would be highly appreciated.

*Best regards*
krbdev mailing list             [hidden email]
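Added illustration, not part of the post and not OpenLDAP code: a small Python model of slapd's first-match ACL evaluation loaded with the ACL above. It shows that the kadmind DN does get write access under the realm container the ACL names, that the same DN would get only read access under a container with a different DN (the cn=krbcontainer realm DN below is a hypothetical value used for contrast, not something the post states), and that the earlier userPassword clause wins over the later realm clause for that attribute; the model is deliberately simplified (only dn.base, dn.subtree, attrs and * targets; self, dn.exact and * subjects).

```python
# Toy model of slapd.access(5) first-match evaluation, written for this post.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
KADMIND = "uid=kadmind,cn=krbcontainer,dc=xitong,dc=qh,dc=com"
KRB5KDC = "uid=krb5kdc,cn=krbcontainer,dc=xitong,dc=qh,dc=com"
REALM = "cn=HADOOP.COM,cn=kerberos,dc=xitong,dc=qh,dc=com"      # as in the ACL
OTHER = "cn=HADOOP.COM,cn=krbcontainer,dc=xitong,dc=qh,dc=com"  # hypothetical contrast

def norm(dn):  # crude DN normalisation: case-fold, strip whitespace around RDNs
    return ",".join(p.strip().lower() for p in dn.split(","))

# The post's ACL, clause by clause: (target kind, target value, [(who, dn, level)])
ACL = [
    ("dn.base", "", [("*", None, "read")]),
    ("dn.base", "cn=Subschema", [("*", None, "read")]),
    ("attrs", {"userpassword", "userpkcs12"}, [("self", None, "write"), ("*", None, "auth")]),
    ("attrs", {"shadowlastchange"}, [("self", None, "write"), ("*", None, "read")]),
    ("dn.subtree", REALM, [("dn.exact", KRB5KDC, "write"),
                           ("dn.exact", KADMIND, "write"), ("*", None, "none")]),
    ("*", None, [("*", None, "read")]),
]

def target_matches(kind, value, entry_dn, attr):
    if kind == "dn.base":
        return norm(entry_dn) == norm(value)
    if kind == "dn.subtree":
        return norm(entry_dn) == norm(value) or norm(entry_dn).endswith("," + norm(value))
    return kind == "*" or attr.lower() in value   # "*" matches everything, else attrs

def access_level(bind_dn, entry_dn, attr, acl=ACL):
    """Level the FIRST clause whose target matches grants bind_dn (slapd semantics)."""
    for kind, value, by in acl:
        if not target_matches(kind, value, entry_dn, attr):
            continue
        for who, who_dn, level in by:
            if (who == "*" or (who == "self" and norm(bind_dn) == norm(entry_dn))
                    or (who == "dn.exact" and norm(bind_dn) == norm(who_dn))):
                return level
        return "none"  # clause matched but no <who> did: evaluation stops here
    return "none"

def can_write(bind_dn, entry_dn, attr):
    return LEVELS.index(access_level(bind_dn, entry_dn, attr)) >= LEVELS.index("write")

if __name__ == "__main__":
    new = "krbPrincipalName=test001@HADOOP.COM,"
    print(can_write(KADMIND, REALM, "children"),                 # True: may add under realm
          can_write(KADMIND, new + REALM, "krbPrincipalKey"),     # True
          access_level(KADMIND, new + OTHER, "krbPrincipalKey"),  # read: only 'access to *' hits
          access_level(KADMIND, new + REALM, "userPassword"))     # auth: earlier clause wins
```

On the real server the same question is answered authoritatively by slapacl(8), run with the bind DN that kadmin.local actually uses (ldap_kadmind_dn in kdc.conf) against the realm container that kdc.conf configures.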