deskoh / keycloak-kerberos

Keycloak integration with OpenLDAP and MIT Kerberos

Kerberos can't use #1

Closed nut-api closed 2 years ago

nut-api commented 3 years ago

When I connect to the openldap container and call kadmin.local

Authenticating as principal root/admin@EXAMPLE.ORG with password. kadmin.local: Error reading password from stash: Cannot open LDAP password file '/etc/krb5kdc/ldap.stash': No such file or directory while initializing kadmin.local interface

deskoh commented 3 years ago

Can you try to run the following in the openldap container?

LDAP_BASE_DN="dc=example,dc=org"
kdb5_ldap_util stashsrvpw -f /etc/krb5kdc/ldap.stash uid=kdc-service,${LDAP_BASE_DN}
kdb5_ldap_util stashsrvpw -f /etc/krb5kdc/ldap.stash uid=kadmin-service,${LDAP_BASE_DN}

The bootstrap is supposed to run and create the stash file here:

https://github.com/deskoh/keycloak-kerberos/blob/master/openldap/service/z_krb5kdc/process.sh

nut-api commented 3 years ago

> Can you try to run the following in the openldap container?
>
> LDAP_BASE_DN="dc=example,dc=org"
> kdb5_ldap_util stashsrvpw -f /etc/krb5kdc/ldap.stash uid=kdc-service,${LDAP_BASE_DN}
> kdb5_ldap_util stashsrvpw -f /etc/krb5kdc/ldap.stash uid=kadmin-service,${LDAP_BASE_DN}
>
> The bootstrap is supposed to run and create the stash file here:
>
> https://github.com/deskoh/keycloak-kerberos/blob/master/openldap/service/z_krb5kdc/process.sh

Thanks for the reply. It happens like this after running the command:

Authenticating as principal root/admin@EXAMPLE.ORG with password. kadmin.local: Cannot find master key record in database while initializing kadmin.local interface

rstub commented 3 years ago

I encountered the same problems and found that krb5kdc and kadmind were not running in my container because the corresponding process.sh files were not executable after cloning the git repo and building the image. Solution:

$ chmod a+x openldap/service/z_kadmind/process.sh openldap/service/z_krb5kdc/process.sh
$ docker-compose build openldap

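
A pre-build check for the condition described in the comment above, as an added example that is not part of the thread or of the repository's own code: it lists process.sh files that lack the executable bit, on disk and in the git index. The function names are assumptions; the openldap/service path is the one used in the comment.

```shell
#!/bin/sh
# Added example (not from the repository): find service scripts that would be
# copied into the image without the executable bit.
# Usage from the repo root:
#   find_nonexec_scripts openldap/service || exit 1

# Print every process.sh under DIR that is not executable by user, group and
# other (the inverse of `chmod a+x`).
# Returns 0 if all are executable, 1 if any are not, 2 if DIR does not exist.
find_nonexec_scripts() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    missing=$(find "$dir" -type f -name process.sh ! -perm -111 | sort)
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# Same check against the git index of the repository at REPO. Git records an
# executable file as mode 100755 and a plain file as 100644, so a script
# committed as 100644 comes out of a fresh clone non-executable.
# Assumes paths without whitespace.
index_nonexec_scripts() {
    repo=$1
    git -C "$repo" ls-files -s -- '*process.sh' |
        awk '$1 != "100755" { print $4 }'
}
```

For a script that `index_nonexec_scripts` reports, `git update-index --chmod=+x <path>` followed by a commit records the executable bit in the repository, so later clones do not need the manual chmod.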
deskoh commented 2 years ago

Should be fixed by https://github.com/deskoh/keycloak-kerberos/pull/3