Hi,
>> "Michael" == Michael Biebl <[email protected]> writes:
> Am 24.08.2014 19:09, schrieb Andreas B. Mundt:
[...]
> >
> > root@mainserver:~# cat /etc/systemd/system/slapd.service
> > [Unit]
> > Description=OpenLDAP standalone server (Lightweight Directory Access
> > Protocol)
> > After=syslog.target
>
> syslog.target is deprecated and no longer necessary. The main syslog
> implementations support socket activation nowadays. So the
> After=syslog.target line should be dropped
>
> > Wants=remote-fs.target
>
> Why do you need that?
Indeeed, it seems to be not needed; I added it because remote-fs is in
the corresponding systemv init script header.
> > [Service]
> > Type=forking
> > PIDFile=/var/run/slapd/slapd.pid
> > EnvironmentFile=-/etc/default/slapd
> > ExecStartPre=-/bin/mkdir /var/run/slapd
> > ExecStartPre=-/bin/chown ${SLAPD_USER}:${SLAPD_GROUP} /var/run/slapd
>
> Please consider adding a tmpfiles snippet for creating the runtime
> directory. Or do you really need a configurable slapd user/group?
Here the corresponding init script is rather involved, it determines
the pid file from the slapd configuration ...
User and group are currently defined in /etc/default/slapd, that's why
I tried to use them here again.
> > ExecStart=/usr/sbin/slapd -u ${SLAPD_USER} -g ${SLAPD_GROUP} -h
> ${SLAPD_SERVICES} $SLAPD_OPTIONS
> >
> > [Install]
> > WantedBy=multi-user.target
> >
> >
> > root@mainserver:~# cat /etc/systemd/system/krb5-kdc.service
> > [Unit]
> > Description=MIT Kerberos KDC
> > Requires=slapd.service
> > After=slapd.service
>
> From what I understood so far, krb5-kdc does *not* have a strict
> dependency on slapd. So Requires=slapd.service looks wrong.
Yes, the 'Requires=slapd.service' would only be necessary (and
correct) for krb5-kdc-ldap being installed.
> > [Service]
> > Type=forking
> > EnvironmentFile=-/etc/default/krb5-kdc
> > ExecStart=/usr/sbin/krb5kdc
>
> You are loading the EnvironmentFile but then don't use any env vars
> from it.
Thanks for your comments!
It looks as if slapd.service is not needed, a krb5-kdc.service file
like:
[Unit]
Description=MIT Kerberos KDC
Requires=slapd.service
After=slapd.service
[Service]
Type=forking
ExecStart=/usr/sbin/krb5kdc
[Install]
WantedBy=multi-user.target
seems to work here. (Provided only with the krb5-kdc-ldap package.)
Best regards,
Andi
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
