[systemd-devel] systemd-tmpfiles-setup.service failed due to LDAP resolving

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Wed May 22 08:02:40 UTC 2019 

Hi!

Obviously the owner of a temporary directory cannot be an LDAP user:
# systemctl status systemd-tmpfiles-setup -l
● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
   Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service;
static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-05-22 09:02:48 CEST;
46min ago
     Docs: man:tmpfiles.d(5)
           man:systemd-tmpfiles(8)
  Process: 1056 ExecStart=/usr/bin/systemd-tmpfiles --create --remove --boot
--exclude-prefix=/dev (code=exited, status=1/FAILURE)
 Main PID: 1056 (code=exited, status=1/FAILURE)

May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls
failed:stat=-1
May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls
failed:stat=-1
May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls
failed:stat=-1
May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls
failed:stat=-1
May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls
failed:stat=-1
May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss_ldap: could not search LDAP
server - Server is unavailable
May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Main process
exited, code=exited, status=1/FAILURE
May 22 09:02:48 v04 systemd[1]: Failed to start Create Volatile Files and
Directories.
May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Unit entered
failed state.
May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Failed with
result 'exit-code'.

The basic problem is that LDAP needs network (which isn't up at this point).
But still, it's hard to tell from the logged messages which entry actually
caused the problem. From what I see "root" is the only user being used, and
that user is local in /etc/passwd. /etc/nsswitch.conf has "passwd: compat"...

I can create the missing directories later running "systemctl start
systemd-tmpfiles-setup", but SLES has:
/usr/lib/tmpfiles.d/systemd-nologin.conf:F! /run/nologin 0644 - - - "System is
booting up. See pam_nologin(8)"

Which effectively locks out users when doing so.

Any splendid ideas?

Regards,
Ulrich

More information about the systemd-devel mailing list