Ubuntu Server Guide

Merge lp:~ahasenack/serverguide/kerberos-ldap-bad-config-1409392 into lp:serverguide/trunk

  1. kerberos-ldap-bad-config-1409392
  2. Merge into trunk
Proposed by Andreas Hasenack
Status: Merged
Approved by: Doug Smythies
Approved revision: 327
Merge reported by: Doug Smythies
Merged at revision: not available
Proposed branch: lp:~ahasenack/serverguide/kerberos-ldap-bad-config-1409392
Merge into: lp:serverguide/trunk
Diff against target: 31 lines (+13/-1)
1 file modified
serverguide/C/network-auth.xml (+13/-1)
To merge this branch: bzr merge lp:~ahasenack/serverguide/kerberos-ldap-bad-config-1409392
Reviewer Review Type Date Requested Status
Doug Smythies Approve
Review via email: mp+323906@code.launchpad.net

Commit message

Specify the correct DN for the ldap_kerberos_container_dn option.

Description of the change

Specify the correct DN for the ldap_kerberos_container_dn option. The KDC will try to create a krbContainer at that dn, and it's a structural object class, so it can't be the toplevel dc=example,dc=com one which already is a "organization" structural object class.

I also added a missing section telling the user to actually start the kerberos services.

To post a comment you must log in.
Revision history for this message
Doug Smythies (dsmythies) wrote :

Shouldn't these two lines:

+<command>sudo service krb5-kdc start</command>
+<command>sudo service krb5-admin-server start</command>

Be:

+<command>sudo systemctl start krb5-kdc</command>
+<command>sudo systemctl start krb5-admin-server</command>

For the 16.04 Serverguide release we changed all occurrences of "sudo service" to "sudo systemctl".

(and I now realize I missed the same thing in a couple of the previous MP's. I'll fix them all at once, but as a separate commit, if you agree.)

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

It's ok to change. I personally prefer the shorter version, but systemctl is certainly fine, and even better if the rest of the documentation uses systemctl. Consistency ftw!

Thanks for catching it

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I pushed the changes.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

There is an outage going on right now, it may be a while before the diff is updated on this merge proposal page.

lp:~ahasenack/serverguide/kerberos-ldap-bad-config-1409392 updated
327. By Andreas Hasenack

Use systemctl instead of service to start the kerberos services, which is what is used in other parts of the guide.

Revision history for this message
Doug Smythies (dsmythies) wrote :

O.K. thanks

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'serverguide/C/network-auth.xml'
--- serverguide/C/network-auth.xml 2017-05-10 23:35:22 +0000
+++ serverguide/C/network-auth.xml 2017-05-11 18:39:25 +0000
@@ -3664,7 +3664,7 @@
3664...3664...
36653665
3666[dbdefaults]3666[dbdefaults]
3667 ldap_kerberos_container_dn = dc=example,dc=com3667 ldap_kerberos_container_dn = cn=krbContainer,dc=example,dc=com
36683668
3669[dbmodules]3669[dbmodules]
3670 openldap_ldapconf = {3670 openldap_ldapconf = {
@@ -3743,6 +3743,18 @@
3743 </note>3743 </note>
3744 3744
3745 </listitem>3745 </listitem>
3746
3747 <listitem>
3748
3749 <para>
3750 Start the Kerberos KDC and admin server:
3751 </para>
3752
3753<screen>
3754<command>sudo systemctl start krb5-kdc</command>
3755<command>sudo systemctl start krb5-admin-server</command>
3756</screen>
3757 </listitem>
3746 </itemizedlist>3758 </itemizedlist>
37473759
3748 <para>3760 <para>

Subscribers

People subscribed via source and target branches