From c9431749a0078df8bdf13490daac5f3467cc1c02 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 10 Feb 2011 22:26:46 -0500
Subject: Let 389-ds start up even if Kerboros is not configured yet.
The situation is if during installation /etc/krb5.conf either doesn't exist or configures no realms then 389-ds won't start up at all, causing the installation to fail. This will let the server start up in a degraded mode. Also need to make the sub_dict in ldapupdate.py handle no realm otherwise the installation will abort enabling the compat plugin. ticket 606
---
 .../ipa-enrollment/ipa_enrollment.c | 27 ++++++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)
(limited to 'daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c')
diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
index 34fba02c..ec1c3967 100644
--- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
+++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
@@ -101,6 +101,13 @@ ipaenrollement_secure(Slapi_PBlock *pb, char **errMesg)
 goto done;
 }
+ if (NULL == realm) {
+ *errMesg = "Kerberos realm is not set.\n";
+ LOG_FATAL("%s", errMesg);
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
 if ((0 == is_ssl) && (sasl_ssf <= 1)) {
 *errMesg = "Operation requires a secure connection.\n";
 rc = LDAP_CONFIDENTIALITY_REQUIRED;
@@ -144,6 +151,13 @@ ipa_join(Slapi_PBlock *pb)
 char *principal = NULL;
 struct berval retbval;
+ if (NULL == realm) {
+ errMesg = "Kerberos realm is not set.\n";
+ LOG_FATAL("%s", errMesg);
+ rc = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
 /* Get Bind DN */
 slapi_pblock_get(pb, SLAPI_CONN_DN, &bindDN);
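Review bot: In the new `NULL == realm` branch of ipaenrollement_secure, `LOG_FATAL("%s", errMesg);` passes the `char **` parameter itself to `%s`, a format/argument type mismatch (undefined behaviour) that logs the bytes of the pointer slot instead of the message. The call should dereference it: `LOG_FATAL("%s", *errMesg);`. The matching call in the ipa_join hunk looks fine, because `errMesg` is assigned there without a dereference and so appears to be a plain `char *`. The realm check also sits ahead of the `is_ssl`/`sasl_ssf` test, so a client on an unprotected connection is told the realm is unset; moving it below the confidentiality check would avoid that. The body of ipaenrollement_secure starts and continues outside the hunk.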
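Review bot: The early `goto done` added at the top of ipa_join runs before any of the function's setup, and in the visible context `struct berval retbval;` is declared without an initializer. The `done:` label is outside the hunk, so it is worth confirming that the cleanup there only touches variables initialised at their declaration; if it reads `retbval` or frees pointers declared above the hunk, zero-initialise them, e.g. `struct berval retbval = {0};`. A short comment such as `/* realm stays NULL when ipaenrollment_start ran without a usable krb5.conf */` would also explain why the global can be unset at this point.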
@@ -363,18 +377,21 @@ ipaenrollment_start(Slapi_PBlock *pb)
 krberr = krb5_init_context(&krbctx);
 if (krberr) {
 LOG_FATAL("krb5_init_context failed\n");
- return LDAP_OPERATIONS_ERROR;
+ /* Yes, we failed, but it is because /etc/krb5.conf doesn't exist
+ * or is misconfigured. Start up in a degraded mode.
+ */
+ goto done;
 }
- ret = krb5_get_default_realm(krbctx, &realm);
- if (ret) {
+ krberr = krb5_get_default_realm(krbctx, &realm);
+ if (krberr) {
+ realm = NULL;
 LOG_FATAL("Failed to get default realm?!\n");
- ret = LDAP_OPERATIONS_ERROR;
+ goto done;
 }
 if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &config_dn) != 0) {
 LOG_FATAL("No config DN?\n");
- ret = LDAP_OPERATIONS_ERROR;
 goto done;
 }
 sdn = slapi_sdn_new_dn_byref(config_dn);
-- cgit
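Review bot: Dropping `ret = LDAP_OPERATIONS_ERROR;` from the `No config DN?` branch changes more than the Kerberos case: a missing SLAPI_TARGET_DN now reaches `done` with whatever `ret` held before. If `ret` is initialised to success outside the hunk, a plugin configuration fault would let the server start silently. I would keep `ret = LDAP_OPERATIONS_ERROR;` in that branch and limit the degraded start to the two krb5 failures. For those, logging the code, e.g. `LOG_FATAL("krb5_init_context failed (%d)\n", (int)krberr);`, gives operators something to alert on, since `realm` appears to be set only here and enrolment is then refused until the plugin is started again. The declaration of `ret` and the `done:` label are outside the hunk.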