>From: fedora-list-bounces@xxxxxxxxxx
>[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Steven Bonneville
>Sent: Friday, November 18, 2005 12:38 PM
>To: fedora-list@xxxxxxxxxx
>Subject: Re: Problem with /etc/init.d/ldap?
>
>
>"Daniel B. Thurman" <dant@xxxxxxxxx> wrote:
>> Since for LDAP, I am using a different keytab at /etc/openldap/ldap.keytab,
>> I have added the KRB5_KTNAME variable to the /etc/sysconfig/ldap file,
>> which to note, does not exist as a default file, which is not a big deal.
>>
>> I did check to see if the KRB5_KTNAME variable was slurped into the
>> /etc/init.d/ldap script and so far it appears to be there all the way through
>> to the exec command - so I cannot see why the exec in the script does
>> not allow ldap/SASL to work the same manner that I run manually from
>> the command line as root user, which works.
>>
>> Can anyone tell me what might be going on in the
>> off-chance that I am doing something wrong? :-)
>
>Did you say "export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab"?
> ^^^^^

I was told to add the following environment variable
to the /etc/sysconfig/ldap file:

KRB5_KTNAME=/etc/openldap/ldap.keytab

The file: /etc/openldap/ldap.keytab is chmod 640 and chown root:ldap

The script: /etc/init.d/ldap slurps the /etc/sysconfig/ldap file in to
obtain the variable settings which I have verified that it does, all the
way through the script to where the slapd command is executed via the
daemon call.

I was not able to see/get the debug logs from within the daemon call as to
why starting this script behaves differently than starting slapd directly
from the command line.

Dan

>
>Is the keytab file readable by the ldap user?
>
> -- Steve Bonneville
>
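
Steve's `export` question turns on how a shell hands variables to the programs it starts: an assignment read from a sourced file is visible inside the script, but a child process only receives it if it was exported. The sketch below is an added example, not part of the thread and not Fedora's init script; the temp files and the `child_sees_ktname` helper are constructed for illustration and stand in for /etc/sysconfig/ldap and the slapd launch.

```shell
#!/bin/sh
# Added example. The files below are constructed temp files, not the real
# /etc/sysconfig/ldap; the child "sh -c" stands in for the daemon being started.

# child_sees_ktname FILE [allexport]
# Source FILE the way an init script does (". FILE"), start a child process,
# and print the KRB5_KTNAME value found in the child's environment, or
# "<unset>" if the variable was not passed down.
# With "allexport", the caller turns on "set -a" while sourcing, so every
# assignment in FILE is exported without editing FILE itself.
child_sees_ktname() {
    (
        unset KRB5_KTNAME              # start from a clean environment
        if [ "${2-}" = allexport ]; then
            set -a
        fi
        . "$1"
        set +a
        sh -c 'printf "%s\n" "${KRB5_KTNAME-<unset>}"'
    )
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# The line as Dan added it: a plain assignment.
printf 'KRB5_KTNAME=/etc/openldap/ldap.keytab\n' > "$demo_dir/plain"
# The line as Steve wrote it: exported.
printf 'export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab\n' > "$demo_dir/exported"

echo "plain assignment, child sees:   $(child_sees_ktname "$demo_dir/plain")"
echo "export in the file, child sees: $(child_sees_ktname "$demo_dir/exported")"
echo "plain + set -a in the caller:   $(child_sees_ktname "$demo_dir/plain" allexport)"
```

On a live system the same question can be answered for a running daemon by reading /proc/PID/environ as root, which lists exactly the variables the process was started with.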