To:
[email protected]
On 8/20/25 23:43, Travis Bean wrote:
“Cannot bind to LDAP server ldapi:/// as ‘cn=kdc-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
- while initializing database.”
This means libkdb_ldap called ldap_sasl_bind_s() and got back an LDAP_INVALID_CREDENTIALS response, most likely indicating that the LDAP
server didn't match the password from the service stash file.
I looked at the script you linked and didn't find any obvious problems,
but there might be more information in the slapd log. My next step
after that would be to use gdb to debug through first the MIT krb5 side
(making sure it read the expected password) and then slapd, after
building both components from source with -g and no -O option. It may
be easier to debug the MIT krb5 side if you can reproduce the problem
with kadmin.local.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)