Problem with /etc/init.d/ldap?
Daniel B. Thurman
dant at cdkkt.com
Sun Nov 20 19:22:39 UTC 2005
>From: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com]On Behalf Of Tony Nelson
>Sent: Saturday, November 19, 2005 7:49 PM
>To: fedora-list at redhat.com
>Subject: RE: Problem with /etc/init.d/ldap?
>
>
>At 12:58 PM -0800 11/19/05, Daniel B. Thurman wrote:
>
>>>>>>Did you say "export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab"?
>
>>>>6 export KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
>
>>>Not too carefully. Note your use of " in 6, and compare with
>>>what he wrote.
>
>>Tony, I have no idea what you are talking about...
> ...
>
>Look harder. Compare what he wrote with what you show in 6.
>Keep looking
>until you see it.
>____________________________________________________________________
>TonyN.:' <mailto:tonynelson at georgeanelson.com>
> ' <http://www.georgeanelson.com/>
>
You mean:
"export KRB5_KTNAME=FILE:/etc/openldap/ldap.keytab"
export KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
^-------------------^-----------------------------^^
The difference with the double-quotes placed on the outside,
i.e the entire string as opposed to double-quotes placed only
on the RHS of the '='?
I have tried both of these and it does not work either.
BTW: read http://www.openldap.org/faq/data/cache/630.html
It says:
Now you have to tell slapd (well, actually tell the gssapi
library in Kerberos 5 that is invoked by Cyrus SASL) where
to find the new keytab. You do this by setting the environment
variable KRB5_KTNAME like this:
export KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
Set that environment variable on the slapd start script
(RedHat users might find /etc/sysconfig/ldap a perfect place).
Also - if you look at the /etc/init.d/ldap script, it uses
a bash sourcing command, (. /etc/sysconfig/ldap) which means
that it will execute the contents of /etc/sysconfig/ldap so
that all bash-commands will be executed. So the double-quotes
IMHO are really not necessary nor needed except that the 'FILE:'
part, I am not sure. As I said in my last posting, that it
appears that with or without the used of 'FILE:' makes no
difference in my temporary script. I am guessing that this
is probably parsed somewhere.
The script is hosed IMHO and I was told to bugzilla it.
Dan
Dan
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.4/175 - Release Date: 11/18/2005
More information about the fedora-list
mailing list