[systemd-devel] proper way for shutdown script

Xen list at xenhideout.nl
Wed Oct 5 16:08:34 UTC 2016

Mantas Mikul─Śnas schreef op 05-10-2016 14:49:
> On Wed, Oct 5, 2016 at 1:47 PM, Xen <list at xenhideout.nl> wrote:
>> Hi,
>> the libnss-ldap package on my system used to contain (and still
>> contains) a script that is run on system reboot and shutdown and
>> installs itself into SysV directories for runlevel 0 and 6.
> Do you mean libnss-ldapd? The standalone libnss-ldap has been
> deprecated for quite a while (in favor of nslcd-based thin modules).
> Also, what does this script do?

Thanks for the hint. I had come across nslcd but it seemed more 
complicated to get it running the first time, so I opted for the smaller 
solution having only libnss-ldap. I was not actually aware (anymore) of 

I am sure it is a "better" solution I was just not sure I could get it 
running in due time.

I also don't know what could be the difference here (I am sure there 
could be).

The script does what I have mentioned in another email which is to 
exclude certain users and groups from being LDAP-sourced by factual 
enumeration: the script just lists all of the groups and user (I think) 
and puts them into the configuration file. It is just a bit of an ugly 
workaround I guess as to simply checking for user and group ID.

The script probably just assumes that all user IDs and user groups start 
above a certain UID/GID.

What you would really need is an LDAP module that would not perform 
lookups above a certain ID, but this also works, and is in a way more 
flexible and powerful.

Even with very low timeouts LDAP queries would not be okay for system 

There is just no way you can run a (Linux) system with system groups and 
users in some LDAP database.

More information about the systemd-devel mailing list