[Bug 652433] Re: Init script dependency error: krb5-kdc starts before slapd

Clint Byrum clint at fewbar.com
Thu Aug 18 16:27:47 UTC 2011 

Excerpts from Clint Byrum's message of Wed Aug 17 10:56:55 -0700 2011:
> Excerpts from Ryan Tandy's message of Wed Aug 17 17:29:36 UTC 2011:
> > I have noticed that the slapd init script terminates before slapd is
> > actually ready to accept connections, and I think that is the problem
> > you're having too.  In my scripts that stop/start slapd I always have to
> > insert a 'sleep 1' before I can do any LDAP operations.  I've also
> > noticed that on a sufficiently fast machine the time between S17slapd
> > and S18krb5-kdc is short enough that the KDC can fail to start.  I
> > worked around it by adding 'invoke-rc.d krb5-kdc start' in /etc/rc.local
> > but I'm sure a better solution is possible.
> 
> Looking through slapd's code, it does in fact fork and exit before
> activating its listener threads. The detach code needs to actually wait
> for some message from the children that the listeners have started,
> or the parent should do the listening before forking.
> 
> I filed bug #828237 to track this. Thanks for the tip Ryan!

FYI, bug 828237 is actually fixed in Oneiric, I didn't realize that
there was a patch to do just that included.

Not sure if its SRU'able to lucid, but the workaround of sleeping for
1 second after it starts is probably the best workaround at present.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/652433

Title:
  Init script dependency error: krb5-kdc starts before slapd

Status in “krb5” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: krb5-kdc

  If Kerberos5 configured to use LDAP directory on the same computer, it does not launches at startup due to init script dependency is not configured. The update-rc.d script creates symlinks for krb5-kdc and slapd with the following names: S18krb5-kdc, S19slapd. This makes Kerberos key distribution center launch before LDAP directory which contains data for this service and I get the following in the /var/log/daemon.log:
  krb5kdc[1018]: Can't contact LDAP server - while initializing database for realm MYREALM

  I think its no problem to make KDC to start after LDAP server and it
  will definitely solve this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/652433/+subscriptions

More information about the foundations-bugs mailing list