[Freeipa-devel] [PATCH] 703 389-ds startup with krb config

Rob Crittenden rcritten at redhat.com
Mon Feb 14 19:07:37 UTC 2011


Jakub Hrozek wrote:
> On Thu, Feb 10, 2011 at 10:27:43PM -0500, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Jakub Hrozek wrote:
>>>> On Tue, Feb 08, 2011 at 10:12:27AM -0500, Rob Crittenden wrote:
>>>>> If /etc/krb5.conf doesn't exist or contains no default kerberos
>>>>> realm then 389-ds won't start at all. This is a problem during
>>>>> installation because we configure 389 first.
>>>>>
>>>>> This patch will let the server come up, you just won't be able to do
>>>>> any joins or password changes until you configure kerberos.
>>>>>
>>>>> ticket 606
>>>>>
>>>>> rob
>>>>
>>>>
>>>> I wasn't able to install with this patch when I had no /etc/krb5.conf at
>>>> all.
>>>>
>>>> Here's what the DS error log said:
>>>> ---
>>>> [10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
>>>> ipa_enrollment.c, line 389]: Failed to get default realm?!
>>>> [10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
>>>> ipa_enrollment_extop
>>>> [10/Feb/2011:07:30:35 -0500] ipaenrollment_start - [file
>>>> ipa_enrollment.c, line 389]: Failed to get default realm?!
>>>> [10/Feb/2011:07:30:35 -0500] - Failed to start extendedop plugin
>>>> ipa_enrollment_extop
>>>> [10/Feb/2011:07:30:36 -0500] ipaenrollment_start - [file
>>>> ipa_enrollment.c, line 389]: Failed to get default realm?!
>>>> [10/Feb/2011:07:30:36 -0500] - Failed to start extendedop plugin
>>>> ipa_enrollment_extop
>>>> ---
>>>>
>>>> Looking at ipaenrollment_start(), it looks like the culprit is that when
>>>> krb5_get_default_realm() fails, ret is set to an error code and
>>>> returned. It should be either reset to LDAP_SUCCESS or maybe rc should
>>>> be used instead.
>>>>
>>>> Also one nitpick. This:
>>>>
>>>> -static char *realm;
>>>> -static const char *ipa_realm_dn;
>>>> +static char *realm = NULL;
>>>> +static const char *ipa_realm_dn = NULL;
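Review bot: Missing NULL handling is the risk around `realm` and `ipa_realm_dn` here, since the patch as described lets the server start when krb5_get_default_realm() fails and both statics can then stay NULL for the life of the process. Every later use of them in the join and password-change paths should check for NULL and return an LDAP error instead of dereferencing. The explicit `= NULL` initializers do not provide that protection, because objects with static storage duration are already zero-initialized in C.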
>>>>
>>>> Is not necessary, global variables are initialized to NULL
>>>> automatically.
>>>
>>> Updated patch attached. I was able to do full install with this one.
>>>
>>> rob
>>
>> Found another problem, new patch.
>>
>> rob
>
> Ack

pushed to master



