Problem with /etc/init.d/ldap?

[Daniel B. Thurman]

>From: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com]On Behalf Of Steven Bonneville
>Sent: Friday, November 18, 2005 12:38 PM
>To: fedora-list at redhat.com
>Subject: Re: Problem with /etc/init.d/ldap?
>
>
>"Daniel B. Thurman" <dant at cdkkt.com> wrote:
>> Since for LDAP, I am using a different keytab at 
>/etc/openldap/ldap.keytab,
>> I have added the KRB5_KTNAME variable to the 
>/etc/sysconfig/ldap file,
>> which to note, does not exists as a default file, which is 
>not a big deal.
>> 
>> I did check to see if the KRB5_KTNAME variable was slurped into the
>> /etc/init.d/ldap script and so far it appears to be there 
>all the way through
>> to the exec command - so I cannot see why the exec in the script does
>> not allow ldap/SASL to work the same manner that I run manually from
>> the command line as root user, which works.
>> 
>> Can anyone tell me what might be going on in the
>> off-chance that I am doing something wrong? :-)
>
>Did you say "export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab"?
>                                ^^^^^

I was told to add the following environment variable
to the /etc/sysconfig/ldap file:

KRB5_KTNAME=/etc/openldap/ldap.keytab

The file: /etc/openldap/ldap.keytab
is chmod 640 and chown root:ldap

The script: /etc/init.d/ldap slurps the /etc/sysconfig/ldap
file in to obtain the variable settings which I have verified
that it does, all the way through the script to where the slapd
command is executed via the daemon call.

I as not able to see/get the debug logs from within the daemon
call as to why starting this script behaves differently than
starting slapd directly from the command line.

Dan 

>
>Is the keytab file readable by the ldap user?
>
>  -- Steve Bonneville
>

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.3/174 - Release Date: 11/17/2005