Synopsis
========
When security/krb5 (-115, in my case) is built with the LDAP option, and then configured to use a local LDAP server, the krb5kdc daemon fails to start on boot with "cannot initialize realm EXAMPLE.COM - see log file for details" because slapd is not yet running.

Expected behavior
=================
On boot, slapd and kdc both start successfully in that order.

Observed behavior
=================
On boot, kdc tries to start first and fails, and later slapd starts successfully. After boot, an attempt to start kdc succeeds.

Reproducible
============
Always.

$ rcorder /etc/rc.d/* /usr/local/etc/rc.d/* 2>/dev/null | egrep "kdc|slapd"
/etc/rc.d/kdc
/usr/local/etc/rc.d/slapd

Adding net/openldap24-server maintainer to CC for situational awareness.
Put kdc in the BEFORE line of /usr/local/etc/rc.d/slapd.
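
Added example, not part of the original thread or of the port: a small sh check for the explicit ordering discussed above, reading the rcorder(8) header keywords PROVIDE, REQUIRE and BEFORE. The function names and the sample headers are constructed for illustration; only direct constraints are checked, so the rcorder command from the report remains the authoritative test on a real system.

```sh
#!/bin/sh
# Added example: is one rc.d script explicitly ordered before another?
# Only direct BEFORE/REQUIRE constraints are checked (no transitive ordering).

# Print the words listed on "# KEY:" header lines of an rc.d script.
rc_field() {  # usage: rc_field FILE KEY
    sed -n "s/^#[[:space:]]*$2:[[:space:]]*//p" "$1"
}

# Succeed if FIRST must start before SECOND: either FIRST names one of
# SECOND's PROVIDE words in BEFORE, or SECOND names one of FIRST's in REQUIRE.
ordered_before() {  # usage: ordered_before FIRST SECOND
    for name in $(rc_field "$2" PROVIDE); do
        for b in $(rc_field "$1" BEFORE); do
            if [ "$b" = "$name" ]; then return 0; fi
        done
    done
    for name in $(rc_field "$1" PROVIDE); do
        for r in $(rc_field "$2" REQUIRE); do
            if [ "$r" = "$name" ]; then return 0; fi
        done
    done
    return 1
}

# Constructed sample headers (not copied from the port or the base system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#!/bin/sh' '# PROVIDE: kdc' '# REQUIRE: NETWORKING' \
    > "$demo/kdc"
printf '%s\n' '#!/bin/sh' '# PROVIDE: slapd' '# REQUIRE: FILESYSTEMS' \
    > "$demo/slapd.old"
printf '%s\n' '#!/bin/sh' '# PROVIDE: slapd' '# REQUIRE: FILESYSTEMS' \
    '# BEFORE: kdc' > "$demo/slapd.new"

# slapd.old carries no constraint against kdc; slapd.new lists kdc in BEFORE.
for f in slapd.old slapd.new; do
    if ordered_before "$demo/$f" "$demo/kdc"; then
        echo "$f: ordered before kdc"
    else
        echo "$f: no ordering constraint against kdc"
    fi
done
```
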
Created attachment 195349: openldap24-server fix
This patch ensures that slapd is started before kdc.
Two weeks have elapsed since attachment 195349 was proposed. However, the patch was not marked as needing maintainer approval, so I'm not sure what the protocol here is for maintainer timeout. In any case, I'm going to try to set the flag and let cy@ and delphij@ work it out.
I'll create a phab revision.
BTW, did you test the patch?
See https://reviews.freebsd.org/D16602.
(In reply to Cy Schubert from comment #6) I did. It works.

A commit references this bug:

Author: cy
Date: Fri Aug 10 02:57:05 UTC 2018
New revision: 476803
URL: https://svnweb.freebsd.org/changeset/ports/476803

Log:
  Ensure that slapd starts before kdc, as the kdc may be configured to
  require LDAP services. If it is configured to require LDAP and the
  slapd server is not yet started, the kdc will fail to start.

  PR: 229939
  Approved by: delphij@ (maintainer)
  MFH: 2018Q3
  Differential Revision: https://reviews.freebsd.org/D16602

Changes:
  head/net/openldap24-server/Makefile
  head/net/openldap24-server/files/slapd.in

A commit references this bug:

Author: cy
Date: Tue Aug 14 12:42:43 UTC 2018
New revision: 477150
URL: https://svnweb.freebsd.org/changeset/ports/477150

Log:
  MFH: r476803

  Ensure that slapd starts before kdc, as the kdc may be configured to
  require LDAP services. If it is configured to require LDAP and the
  slapd server is not yet started, the kdc will fail to start.

  PR: 229939
  Approved by: delphij@ (maintainer)
  Differential Revision: https://reviews.freebsd.org/D16602

  Approved by: portmgr (miwi@)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/net/openldap24-server/Makefile
  branches/2018Q3/net/openldap24-server/files/slapd.in