authorMartin Kosek <mkosek@redhat.com>2014-02-04 11:02:34 +0100
committerMartin Kosek <mkosek@redhat.com>2014-02-04 12:44:45 +0100
commitb351b210be4809b856915a9c63a4288ebd3c9fdf (patch)
treeb5d6448daef256622541b08ae3cef235ea56dbf8 /daemons
parentd85e2c9a8220e5a61c8dbc205d71693e832b668a (diff)
ipa-lockout: do not fail when default realm cannot be read
When the ipa-lockout plugin is started during FreeIPA server installation, the default realm may not be available, and the plugin should not fail in that case. As other plugins do, it now starts in degraded mode in this situation. Operation is fully restored during the final services restart. https://fedorahosted.org/freeipa/ticket/4085
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c34
1 files changed, 17 insertions, 17 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
index 5a24359d3..265c2701c 100644
--- a/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
+++ b/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c
@@ -176,23 +176,23 @@ ipalockout_get_global_config(struct ipa_context *ipactx)
krberr = krb5_init_context(&krbctx);
if (krberr) {
LOG_FATAL("krb5_init_context failed (%d)\n", krberr);
- ret = LDAP_OPERATIONS_ERROR;
- goto done;
- }
-
- krberr = krb5_get_default_realm(krbctx, &realm);
- if (krberr) {
- LOG_FATAL("Failed to get default realm (%d)\n", krberr);
- ret = LDAP_OPERATIONS_ERROR;
- goto done;
- }
-
- ipa_global_policy = slapi_ch_smprintf("cn=global_policy,cn=%s,cn=kerberos,%s",
- realm, basedn);
- if (!ipa_global_policy) {
- LOG_OOM();
- ret = LDAP_OPERATIONS_ERROR;
- goto done;
+ /* Yes, we failed, but it is because /etc/krb5.conf doesn't exist
+ * or is misconfigured. Start up in a degraded mode.
+ */
+ } else {
+ krberr = krb5_get_default_realm(krbctx, &realm);
+ if (krberr) {
+ LOG_FATAL("Failed to get default realm (%d)\n", krberr);
+ } else {
+ ipa_global_policy =
+ slapi_ch_smprintf("cn=global_policy,cn=%s,cn=kerberos,%s",
+ realm, basedn);
+ if (!ipa_global_policy) {
+ LOG_OOM();
+ ret = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+ }
}
ret = asprintf(&dn, "cn=ipaConfig,cn=etc,%s", basedn);
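Review bot: Both failure branches (krb5_init_context and krb5_get_default_realm) now fall through without assigning `ipa_global_policy`, so the same degraded start would also happen on an installed server whose krb5 configuration later becomes unreadable, not only during installation. Whether the bind-time lockout checks tolerate an unset `ipa_global_policy`, and whether lockout is still enforced in that state, is decided outside this hunk and should be confirmed, since this plugin is a security control and a silent fail-open would matter. The only trace is the existing error line, so I would add an explicit message in both branches that operators can alert on, e.g. `LOG_FATAL("Global lockout policy DN unavailable, running in degraded mode until restart\n");`. The in-code comment also attributes the krb5_init_context failure to /etc/krb5.conf alone, which the code cannot know; it would be safer to word it as "most likely".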