[systemd-devel] systemd-tmpfiles-setup.service failed due to LDAP resolving

Mantas Mikulėnas grawity at gmail.com
Wed May 22 09:53:47 UTC 2019


On Wed, May 22, 2019 at 11:30 AM Lennart Poettering <lennart at poettering.net>
wrote:

> On Mi, 22.05.19 10:02, Ulrich Windl (Ulrich.Windl at rz.uni-regensburg.de)
> wrote:
>
> > Hi!
> >
> > Obviously the owner of a temporary directory cannot be an LDAP user:
>
> system users should really not be located on LDAP:
>
>
> https://systemd.io/UIDS-GIDS.html#notes-on-resolvability-of-user-and-group-names
>
> > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls failed:stat=-1
> > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss_ldap: could not search LDAP server - Server is unavailable
> > May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=1/FAILURE
>
> Hmm, we actually log about all errors we encounter. Is it possible
> that the nss-ldap module (which iirc is obsolete and unmaintained
> these days?) does an exit(1) or so?
>

AFAIK, it is indeed obsolete (in favor of either SSSD or the *other*
nss-ldap which comes with nslcd, both of which use a daemon to handle
lookups).

Actually, if LDAP accounts in tmpfiles are somehow unavoidable, then SSSD
may work better as it has a persistent local cache... (Still a bad idea
though, as tmpfiles usually starts before SSSD.)

-- 
Mantas Mikulėnas
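
An added example, not part of the original message: a check that flags tmpfiles.d entries whose user or group cannot be resolved from the local passwd/group files alone, which is the situation discussed in this thread. The sample data and the name "appsvc" are constructed. The script assumes plain whitespace-separated tmpfiles.d lines (quoted paths containing spaces are not handled) and treats "present in /etc/passwd or /etc/group" as a stand-in for "resolvable without the network".

```python
import glob

# Constructed sample data: "appsvc" is assumed to exist only in LDAP.
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "messagebus:x:499:499::/run/dbus:/sbin/nologin\n")
SAMPLE_GROUP = "root:x:0:\nmessagebus:x:499:\n"
SAMPLE_TMPFILES = """\
# Type Path Mode User Group Age Argument
d /run/dbus 0755 messagebus messagebus -
d /run/appsvc 0750 appsvc root -
d /run/numeric 0755 1000 :root 1d
f /run/flag 0644 - -
"""

def local_names(db_text):
    """Names defined in passwd(5)/group(5)-format text (first field)."""
    return {line.split(":", 1)[0] for line in db_text.splitlines()
            if line and not line.startswith(("#", "+", "-"))}

def unresolvable_locally(tmpfiles_text, passwd_text, group_text):
    """Return (line number, kind, name, path) for names missing locally."""
    users, groups = local_names(passwd_text), local_names(group_text)
    findings = []
    for lineno, line in enumerate(tmpfiles_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Columns: Type Path Mode User Group Age Argument (argument kept whole)
        fields = line.split(None, 6)
        for kind, idx, known in (("user", 3, users), ("group", 4, groups)):
            if idx >= len(fields):
                continue
            name = fields[idx].lstrip(":")  # ":" prefix = apply on creation only
            if name in ("", "-") or name.isdigit():
                continue  # default ownership or numeric ID: no name lookup
            if name not in known:
                findings.append((lineno, kind, name, fields[1]))
    return findings

if __name__ == "__main__":
    passwd, group = open("/etc/passwd").read(), open("/etc/group").read()
    for base in ("/etc", "/run", "/usr/lib"):
        for conf in sorted(glob.glob(base + "/tmpfiles.d/*.conf")):
            hits = unresolvable_locally(open(conf).read(), passwd, group)
            for lineno, kind, name, target in hits:
                print(f"{conf}:{lineno}: {kind} {name!r} for {target} "
                      "is not defined in local files")
```

Any name it reports would need an NSS lookup beyond the local files when systemd-tmpfiles-setup.service runs early in boot.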