Problem with /etc/init.d/ldap?
Daniel B. Thurman
dant at cdkkt.com
Fri Nov 18 20:56:10 UTC 2005
>From: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com]On Behalf Of Steven Bonneville
>Sent: Friday, November 18, 2005 12:38 PM
>To: fedora-list at redhat.com
>Subject: Re: Problem with /etc/init.d/ldap?
>
>
>"Daniel B. Thurman" <dant at cdkkt.com> wrote:
>> Since for LDAP, I am using a different keytab at /etc/openldap/ldap.keytab,
>> I have added the KRB5_KTNAME variable to the /etc/sysconfig/ldap file,
>> which to note, does not exist as a default file, which is not a big deal.
>>
>> I did check to see if the KRB5_KTNAME variable was slurped into the
>> /etc/init.d/ldap script and so far it appears to be there all the way through
>> to the exec command - so I cannot see why the exec in the script does
>> not allow ldap/SASL to work the same manner that I run manually from
>> the command line as root user, which works.
>>
>> Can anyone tell me what might be going on in the
>> off-chance that I am doing something wrong? :-)
>
>Did you say "export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab"?
>             ^^^^^
I was told to add the following environment variable
to the /etc/sysconfig/ldap file:
KRB5_KTNAME=/etc/openldap/ldap.keytab
The file: /etc/openldap/ldap.keytab
is chmod 640 and chown root:ldap
The script: /etc/init.d/ldap slurps the /etc/sysconfig/ldap
file in to obtain the variable settings which I have verified
that it does, all the way through the script to where the slapd
command is executed via the daemon call.
I was not able to see/get the debug logs from within the daemon
call as to why starting this script behaves differently than
starting slapd directly from the command line.
Dan
>
>Is the keytab file readable by the ldap user?
>
> -- Steve Bonneville
>
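The distinction behind the `export` question in this thread, as an added example that is not part of the original messages: a variable assigned in a sourced file is visible to the sourcing shell but is inherited by child processes only if it is exported. The temporary files stand in for /etc/sysconfig/ldap, and the function names `shell_sees_ktname`, `child_sees_ktname` and `group_can_read` are hypothetical helpers.

```shell
#!/bin/sh
# Constructed stand-ins for /etc/sysconfig/ldap; nothing under /etc is read or changed.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf 'KRB5_KTNAME=/etc/openldap/ldap.keytab\n' > "$tmpdir/plain"
printf 'export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab\n' > "$tmpdir/exported"

# Value visible inside the shell that sourced the file (what an echo
# placed in the init script itself would show).
shell_sees_ktname() {
    ( unset KRB5_KTNAME; . "$1"; printf '%s' "${KRB5_KTNAME-}" )
}

# Value inherited by a process started from that shell. env(1) runs as a
# child process, so it lists exported variables only.
child_sees_ktname() {
    ( unset KRB5_KTNAME; . "$1"; env | sed -n 's/^KRB5_KTNAME=//p' )
}

# True if the group-read permission bit is set on the file (as with mode 640).
# This checks the bit only; the file's group must still be one the service
# account belongs to.
group_can_read() {
    [ -n "$(find "$1" -prune -perm -040)" ]
}

# Show both views for the unexported and the exported form.
for f in plain exported; do
    printf '%-8s shell="%s" child="%s"\n' "$f" \
        "$(shell_sees_ktname "$tmpdir/$f")" "$(child_sees_ktname "$tmpdir/$f")"
done
```
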