[Bug 652433] [NEW] Init script dependency error: krb5-kdc starts before slapd

[Russ Allbery]

infestator <betaev at gmail.com> writes:

> If Kerberos5 configured to use LDAP directory on the same computer, it
> does not launches at startup due to init script dependency is not
> configured. The update-rc.d script creates symlinks for krb5-kdc and
> slapd with the following names: S18krb5-kdc, S19slapd. This makes
> Kerberos key distribution center launch before LDAP directory which
> contains data for this service and I get the following in the
> /var/log/daemon.log:

> krb5kdc[1018]: Can't contact LDAP server - while initializing database
for realm MYREALM

> I think its no problem to make KDC to start after LDAP server and it
> will definitely solve this issue.

It's definitely a problem for the KDC to start after the LDAP server if
the LDAP server is using Kerberos for authentication, which is probably
still a more common configuration than putting the KDC data in LDAP.

Unfortunately, both init script orderings break different things for
different people.  What really needs to happen is that one or the other
(or preferrably both) services need to be robust against the other service
not yet being initialized.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

-- 
Init script dependency error: krb5-kdc starts before slapd
https://bugs.launchpad.net/bugs/652433
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.