[Freeipa-devel] [PATCH] 703 389-ds startup with krb config

Jakub Hrozek jhrozek at redhat.com
Mon Feb 14 17:39:49 UTC 2011 

On Thu, Feb 10, 2011 at 10:27:43PM -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> >Jakub Hrozek wrote:
> >>On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
> >>>If /etc/krb5.conf doesn't exist or contains no default kerberos
> >>>realm then 389-ds won't start at all. This is a problem during
> >>>installation because we configure 389 first.
> >>>
> >>>This patch will let the server come up, you just won't be able to do
> >>>any joins or password changes until you configure kerberos.
> >>>
> >>>ticket 606
> >>>
> >>>rob
> >>
> >>
> >>I wasn't able to install with this patch when I had no /etc/krb5.conf at
> >>all.
> >>
> >>Here's what the DS error log said:
> >>---
> >>10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
> >>ipa_enrollment.c, line 389]: Failed to get default realm?!
> >>[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
> >>ipa_enrollment_extop
> >>[10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
> >>ipa_enrollment.c, line 389]: Failed to get default realm?!
> >>[10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
> >>ipa_enrollment_extop
> >>[10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file
> >>ipa_enrollment.c, line 389]: Failed to get default realm?!
> >>[10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin
> >>ipa_enrollment_extop
> >>---
> >>
> >>Looking at ipaenrollment_start(), it looks like the culprit is that when
> >>krb5_get_default_realm() fails, ret is set to an error code and
> >>returned. It should be either reset to LDAP_SUCCESS or maybe rc should
> >>be used instead.
> >>
> >>Also one nitpick. This:
> >>
> >>-static char *realm;
> >>-static const char *ipa_realm_dn;
> >>+static char *realm = NULL;
> >>+static const char *ipa_realm_dn = NULL;
> >>
> >>Is not neccessary, global variables are initialized to NULL
> >>automatically.
> >
> >Updated patch attached. I was able to do full install with this one.
> >
> >rob
> 
> Found another problem, new patch.
> 
> rob

Ack

More information about the Freeipa-devel mailing list