On Wed, May 22, 2019 at 11:30 AM Lennart Poettering <lennart@xxxxxxxxxxxxxx> wrote:
> On Wed, 22.05.19 10:02, Ulrich Windl (Ulrich.Windl@xxxxxxxxxxxxxxxxxxxx) wrote:
> > Hi!
> >
> > Obviously the owner of a temporary directory cannot be an LDAP user:
>
> system users should really not be located on LDAP:
> https://systemd.io/UIDS-GIDS.html#notes-on-resolvability-of-user-and-group-names
>
> > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: do_start_tls failed:stat=-1
> > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss_ldap: could not search LDAP server - Server is unavailable
> > May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=1/FAILURE
>
> Hmm, we actually log about all errors we encounter. Is it possible
> that the nss-ldap module (which iirc is obsolete and unmaintained
> these days?) does an exit(1) or so?

AFAIK, it is indeed obsolete (in favor of either SSSD or the *other* nss-ldap which comes with nslcd, both of which use a daemon to handle lookups).
Actually, if LDAP accounts in tmpfiles are somehow unavoidable, then SSSD may work better as it has a persistent local cache... (Still a bad idea though, as tmpfiles usually starts before SSSD.)
Mantas Mikulėnas
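
A check for the situation discussed in this thread, added here as an illustration and not part of any message above: it reports tmpfiles.d owners that are missing from the local passwd/group files and would therefore need a network NSS source such as LDAP at early boot. The function names and all sample data are constructed for this example.

```python
"""Flag tmpfiles.d owners that only a network NSS source could resolve."""

def local_names(db_text):
    """Return the names defined in passwd(5)/group(5) formatted text."""
    names = set()
    for line in db_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS-style "+"/"-" compat entries.
        if not line or line[0] in "#+-":
            continue
        names.add(line.split(":", 1)[0])
    return names

def unresolvable_owners(tmpfiles_text, passwd_text, group_text):
    """Return (lineno, field, name) for owners absent from the local files."""
    known = {"user": local_names(passwd_text), "group": local_names(group_text)}
    findings = []
    for lineno, raw in enumerate(tmpfiles_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Type Path Mode User Group Age Argument; trailing fields are optional.
        # Assumption: paths are unquoted and contain no whitespace.
        fields = line.split(None, 6)
        for field, idx in (("user", 3), ("group", 4)):
            if idx >= len(fields):
                continue
            name = fields[idx].lstrip(":")  # newer systemd allows a ":" prefix
            # "-" means default ownership; numeric IDs need no name lookup.
            if name in ("-", "") or name.isdigit():
                continue
            if name not in known[field]:
                findings.append((lineno, field, name))
    return findings

# Constructed sample data, not taken from the thread.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nappsvc:x:990:990::/var/lib/app:/sbin/nologin\n"
SAMPLE_GROUP = "root:x:0:\nappsvc:x:990:\n"
SAMPLE_TMPFILES = """\
# constructed tmpfiles.d fragment
d /run/app      0750 appsvc   appsvc -
d /run/reports  0750 ldapuser appsvc 10d
f /run/app/flag 0644 1001     ldapgrp
z /run/other    0700 -        -
"""

if __name__ == "__main__":
    for lineno, field, name in unresolvable_owners(SAMPLE_TMPFILES, SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"line {lineno}: {field} '{name}' is not in the local database")
```

On a real host the inputs would be the contents of /etc/passwd, /etc/group and each tmpfiles.d file, read directly rather than through NSS so that LDAP-only names show up as findings.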