When I ran kdb5_util dump I had two initial problems. First, the LDAP
plugin was not finding the bind DN because open_db_and_mkey() was
passing KRB5_KDB_SRV_TYPE_OTHER to krb5_db_open(). When I change this
to KRB5_KDB_SRV_TYPE_ADMIN then the ldap_kadmind_dn parameter is used
from krb5.conf and a valid bind DN is found. Second,
krb5_ldap_iterate() will core dump when it is called withy a NULL
match_expr arg. This is how dump_db calls krb5_db_iterate(). I updated
krb5_ldap_iterate() to use a default_match_expr of "*" if match_expr ==
NULL.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18736
dc483132-0cff-0310-8789-
dd5450dbe970
valid_master_key = 0;
if ((retval = krb5_db_open(util_context, db5util_db_args,
- KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) {
+ KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
com_err(progname, retval, "while initializing database");
exit_status++;
return(1);
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
+ char *default_match_expr = "*";
/* Clear the global error string */
krb5_clear_error_message(context);
}
}
+ /*
+ * If no match_expr then iterate through all krb princs like the db2 plugin
+ */
+ if (match_expr == NULL)
+ match_expr = default_match_expr;
+
filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1; /* 2 for closing brackets */
filter = malloc (filterlen);
CHECK_NULL(filter);