Bug 1328608

Summary: No means to set KRB5_KTNAME
Product: [Fedora] Fedora Reporter: Pascal Jakobi <pascal.jakobi>
Component: openldapAssignee: Matus Honek <mhonek>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: jsynacek, jv+fedora, mhonek, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-20 10:48:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Pascal Jakobi 2016-04-19 20:37:11 UTC 
In FC22, the /etc/sysconfig/[ldap,slapd] disappeared.
This is where the environment variable KRB5_KTNAME was set. This is necessary for GSS API.

Many ways to solve this. 
My suggestion :
1/ add EnvironmentFile=/etc/sysconfig/slapd in file /usr/lib/systemd/system/slapd.service
2/ Recreate the /etc/sysconfig/slapd file with some content such as
      #KRB5_KTNAME=/etc/openldap/ldap.keytab; export KRB5_KTNAME
Comment 1 Jan Synacek 2016-04-20 06:25:04 UTC 
The correct way to do this is to copy the slapd service file to /etc/lib/systemd/system and add Environment="KRB...". I removed the sysconfig file on purpose, because it was superfluous.
Comment 2 Jan Synacek 2016-04-20 06:27:14 UTC 
And by the way, the "No means to set..." in the summary is simply not true and you proved it by writing the 1/ bullet in the report.
Comment 3 Matus Honek 2016-04-20 10:48:41 UTC 
Jan, thanks for the comment. As systemd is preferred I do not think it is a good idea to have two places for configuration.

Copying /usr/lib/systemd/system/slapd.service to /etc/systemd/system/ and setting the Environment property there fully replaces the previous sysconfig method of configuration of the environment variable. For that reason I am closing this as not a bug. Should this be not sufficient feel free to reopen this bug.
Comment 4 Jan Včelák 2016-04-20 17:26:59 UTC 
(In reply to Jan Synacek from comment #1)
> The correct way to do this is to copy the slapd service file to
> /etc/lib/systemd/system and add Environment="KRB...". I removed the
> sysconfig file on purpose, because it was superfluous.

Even better way is to add /etc/systemd/system/slapd.service.d/kerberos.conf just with the Environment= options. See the 'systemctl edit' command.