[Freeipa-devel] [PATCH] 703 389-ds startup with krb config

[Jakub Hrozek]

On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
> If /etc/krb5.conf doesn't exist or contains no default kerberos
> realm then 389-ds won't start at all. This is a problem during
> installation because we configure 389 first.
> 
> This patch will let the server come up, you just won't be able to do
> any joins or password changes until you configure kerberos.
> 
> ticket 606
> 
> rob


I wasn't able to install with this patch when I had no /etc/krb5.conf at
all. 

Here's what the DS error log said:
---
10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
[10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
[10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file
ipa_enrollment.c, line 389]: Failed to get default realm?!
[10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin
ipa_enrollment_extop
---

Looking at ipaenrollment_start(), it looks like the culprit is that when
krb5_get_default_realm() fails, ret is set to an error code and
returned. It should be either reset to LDAP_SUCCESS or maybe rc should
be used instead.

Also one nitpick. This:

-static char *realm;
-static const char *ipa_realm_dn;
+static char *realm = NULL;
+static const char *ipa_realm_dn = NULL;

Is not neccessary, global variables are initialized to NULL
automatically.