[Bug 1817955] Re: Getting new "DN is out of the realm subtree" error on adding principal
Sergio Durigan Junior
1817955 at bugs.launchpad.net
Thu Feb 10 20:41:28 UTC 2022
Trusty has reached its end of standard support.
** Changed in: krb5 (Ubuntu Trusty)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1817955
Title:
Getting new "DN is out of the realm subtree" error on adding principal
Status in krb5 package in Ubuntu:
Fix Released
Status in krb5 source package in Trusty:
Won't Fix
Bug description:
Recently applied security update to 14.04.5 LTS kerberos
(1.12+dfsg-2ubuntu5.4), and started getting errors when adding new
principals to LDAP.
Obfuscated example:
kadmin.local -q "ank -x
dn=\"uid=testuser,ou=People,dc=example,dc=com\" -pw \"dummypass\"
testuser"
now gives:
Authenticating as principal root/admin at TEST.EXAMPLE.COM with password.
NOTICE: no policy specified for testuser at TEST.EXAMPLE.COM; assigning "default"
add_principal: DN is out of the realm subtree while creating "testuser at TEST.EXAMPLE.COM".
This worked up through 1.12+dfsg-2ubuntu5.3, and I think it now fails due to changes in src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in response to CVE-2018-5729 or CVE-2018-5730.
I'm going to attempt a downgrade to 1.12+dfsg-2ubuntu5.3 to check.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1817955/+subscriptions
More information about the foundations-bugs
mailing list