[systemd-devel] systemd-tmpfiles-setup.service failed due to LDAP resolving

Lennart Poettering lennart at poettering.net
Wed May 22 08:30:28 UTC 2019


On Mi, 22.05.19 10:02, Ulrich Windl (Ulrich.Windl at rz.uni-regensburg.de) wrote:

> Hi!
>
> Obviously the owner of a temporary directory cannot be an LDAP user:

system users should really not be located on LDAP:

https://systemd.io/UIDS-GIDS.html#notes-on-resolvability-of-user-and-group-names

> May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls
> failed:stat=-1
> May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss_ldap: could not search LDAP
> server - Server is unavailable
> May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Main process
> exited, code=exited, status=1/FAILURE

Hmm, we actually log about all errors we encounter. Is it possible
that the nss-ldap module (which iirc is obsolete and unmaintained
these days?) does an exit(1) or so?

Either way, if we receive an error from NSS and don't log about it,
that'd be a bug, but please confirm with a current systemd version, or
contact your downstream who will do that and then propagate this to
us.

You can also set the "SYSTEMD_LOG_LEVEL=debug" env var to get more
detailed output. i.e. use "systemctl edit systemd-tmpfiles.service",
then type in:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

then save and reboot.

> The basic problem is that LDAP needs network (which isn't up at this point).
> But still, it's hard to tell from the logged messages which entry actually
> caused the problem. From what I see "root" is the only user being used, and
> that user is local in /etc/passwd. /etc/nsswitch.conf has "passwd: compat"...
>
> I can create the missing directories later running "systemctl start
> systemd-tmpfiles-setup", but SLES has:
> /usr/lib/tmpfiles.d/systemd-nologin.conf:F! /run/nologin 0644 - - - "System is
> booting up. See pam_nologin(8)"
>
> Which effectively locks out users when doing so.

You can invoke the binary from shell prompt:

   systemd-tmpfiles --create --clean --remove

If you don't specify --boot then lines like the /run/nologin one won't
be honoured.

Lennart

--
Lennart Poettering, Berlin


More information about the systemd-devel mailing list