Thomas Schweikle <652...@bugs.launchpad.net> writes:

> LDAP is robust against kerberos not running at the moment slapd
> starts.

I'm not sure that this is the case for an LDAP replica that uses GSS-API
to authenticate to the master, since I believe the very first thing that
slapd does is attempt the authentication to the master.

If this is not the case, or if slapd handles this cleanly (by sleeping and
retrying until it can get a connection without any other negative
consequences), then it's indeed robust here and slapd can start first.
But someone should verify that rather than assuming, since I know we've
had trouble with it in the past.

> Kerberos can't be robust about that. No way. If it stores data in LDAP
> it has to have access to the server.

It can.  All it has to do is sleep if it can't open an LDAP connection for
a few seconds and then try again.

There's a tradeoff, of course, in that you lose error reporting from the
init script if it currently attempts to open the LDAP connection before
backgrounding itself.  I'm not sure if that's the case or not.  If it
already doesn't open the LDAP connection until after it's backgrounded,
you lose nothing by adding some pauses and repeated attempts to contact
the LDAP server.

Ideally, they should both be robust against the other not being up yet.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/652433

Title:
  Init script dependency error: krb5-kdc starts before slapd

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
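
Added example, not part of the original message or of the krb5-kdc or slapd packaging: one way an init script could wait for its dependency with a bounded retry and still report failure through its exit status, which is the tradeoff discussed in the message. The function names, the retry counts and the ldapsearch probe in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; not code from the krb5-kdc or slapd packages.

# wait_for_service MAX_TRIES DELAY PROBE [ARGS...]
# Run PROBE until it exits 0, sleeping DELAY seconds between attempts.
# Returns 0 once the probe succeeds, 1 after MAX_TRIES failures.
# WAIT_TRIES is left holding the number of attempts made.
wait_for_service() {
    max_tries=$1
    delay=$2
    shift 2
    WAIT_TRIES=0
    while [ "$WAIT_TRIES" -lt "$max_tries" ]; do
        WAIT_TRIES=$((WAIT_TRIES + 1))
        if "$@" >/dev/null 2>&1; then
            return 0
        fi
        # Do not sleep after the final failed attempt.
        [ "$WAIT_TRIES" -lt "$max_tries" ] && sleep "$delay"
    done
    return 1
}

# start_after MAX_TRIES DELAY PROBE_CMD DAEMON_CMD
# Probe in the foreground, before anything is backgrounded, so that an
# unreachable dependency still shows up as a non-zero exit status from
# the init script. The daemon is started only if the probe passed.
start_after() {
    if wait_for_service "$1" "$2" sh -c "$3"; then
        sh -c "$4"
    else
        echo "dependency not reachable after $WAIT_TRIES attempts" >&2
        return 1
    fi
}

# Hypothetical use in an init script (probe and daemon command are
# assumptions; substitute the real ones for the system in question):
#   start_after 10 3 \
#       "ldapsearch -x -H ldapi:/// -s base -b '' -LLL" \
#       "<command that starts the daemon>"
```

The bound matters: an unbounded wait in the foreground would stall the boot sequence if the dependency never comes up.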
