https://bugzilla.suse.com/show_bug.cgi?id=1196526

https://bugzilla.suse.com/show_bug.cgi?id=1196526#c15

--- Comment #15 from Samuel Cabrero <scabrero@suse.com> ---
Created attachment 857469
  --> https://bugzilla.suse.com/attachment.cgi?id=857469&action=edit
ldapsearch -b 'cn=schema' '(objectClass=*)' \* \+

(In reply to William Brown from comment #14)
> I'm pretty sure the krb schema ships with 389-ds, so there should be no extra actions required to set this up.
>
> If you can show me the output of "ldapsearch -H ldaps://<server url> -b 'cn=schema' '(objectClass=*)' \* \+" that would help a bit. Similarly, the output of rpm -ql 389-ds

Yes, you are right. The Kerberos schema is included in the 389-ds package:

tumbleweed:~ # rpm -ql 389-ds | grep -E 'krb|kerberos'
/usr/share/dirsrv/data/60kerberos.ldif
/usr/share/dirsrv/data/60krb5kdc.ldif

I think the problem here is that John created the directory instance without using YaST and then the kerberos schema is not added. For example, when using "dscreate interactive":

tumbleweed:~ # ldapsearch -H ldaps://tumbleweed.test.net -b 'cn=schema' -D "CN=Directory Manager" -w <redacted> '(objectClass=*)' \* \+ | grep krb
tumbleweed:~ #

If the directory instance is created by the yast-auth-server module then it should work.
/src/lib/authserver/dir/ds389.rb:
::FileUtils.copy('/usr/share/dirsrv/data/60kerberos.ldif', '/etc/dirsrv/slapd-' + instance_name + '/schema/60kerberos.ldif')
John, can you confirm your directory instance was not created using YaST and that everything works after adding the top-level entry and the kerberos schema to it?
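
The schema check and the file copy discussed in this comment, as an added shell example that is not part of the original comment or of yast-auth-server. The function names and the sample LDIF (placeholder OIDs) are constructed for illustration; `krb_schema_names` unfolds LDIF continuation lines first, so a name split across a wrapped line is still found.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the NAME of every attributeTypes/objectClasses value starting with "krb".
# LDIF folds long values: a line beginning with one space continues the previous
# line, so a name split by the fold is missed by a plain "grep krb".
# Exit status is 0 if at least one such name was found, non-zero otherwise.
krb_schema_names() {
    awk '
        /^ / { buf = buf substr($0, 2); next }     # continuation: append
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' | grep -iE '^(attributeTypes|objectClasses):' \
      | sed -n "s/.*NAME[ (]*'\([^']*\)'.*/\1/p" \
      | grep -i '^krb'
}

# Copy a schema LDIF into an instance schema directory unless it is already
# there (the same copy the yast-auth-server line above performs).
install_krb_schema() {
    src=$1; schema_dir=$2
    dest="$schema_dir/$(basename "$src")"
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 2; }
    [ -d "$schema_dir" ] || { echo "no schema dir: $schema_dir" >&2; return 2; }
    if [ -f "$dest" ]; then echo "already present: $dest"; return 0; fi
    cp -p "$src" "$dest" && echo "installed: $dest"
}

# Constructed cn=schema excerpt (placeholder OIDs) with one name split by a fold.
sample_schema_ldif() {
    cat <<'EOF'
dn: cn=schema
objectClasses: ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
attributeTypes: ( 9.9.9.1 NAME 'kr
 bPrincipalName' EQUALITY caseExactIA5Match )
objectClasses: ( 9.9.9.2 NAME 'krbPrincipalAux' AUXILIARY MAY krbPrincipalName )
EOF
}

sample_schema_ldif | krb_schema_names   # lists the two krb* names
```

Against a live server, pipe the ldapsearch command from the comment into `krb_schema_names` instead of the sample. 389-ds reads the instance schema directory at startup, so restart the instance after copying the file.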