Ubuntu Server Guide

Update recommendations for OpenLDAP indices in Kerberos database

Bug #1843504 reported by Dilyan Palauzov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Server Guide
New
Undecided
Unassigned

Bug Description

https://help.ubuntu.com/lts/serverguide/kerberos-ldap.html suggests creating the index

olcDbIndex: krbPrincipalName eq,pres,sub

but according to https://github.com/krb5/krb5/pull/974#issuecomment-530128875 there only EQ index is necessary.

Moreover it proposes adjusting the access rights to the userPassword and shadowLastChange attributes, but these attributes do not exist in the database.

See also https://github.com/krb5/krb5/pull/974 for changes on the documentation in MIT Kerberos on this.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.