[Freeipa-users] Re: Ensure that IPA user can be resolved upon SystemD-Unit start

Thu, 12 Jan 2023 08:20:29 -0800 

On 12.01.23 16:28, Rob Crittenden wrote:

Ronald Wimmer via FreeIPA-users wrote:

I do have a sytemd service unit that uses an IPA used. However, upon
reboot it seems that that particular IPA user is not available upon
start of that particular systemd service.

Using "After=sssd.service" is not sufficient.

What would you recommend in this case?
(I am looking for a reliable systemd solution and do not want to rely on
a script checking for a particular user with getent for example)


You may want to cross-post to the sssd-users list.

I'd try nss-user-lookup.target instead. According to systemd.special(7):

nss-user-lookup.target

A target that should be used as synchronization point for all regular
UNIX user/group name service lookups. Note that this is independent of
host/network name lookups for which nss-lookup.target should be used.
All services for which the availability of the full user/group database
is essential should be ordered after this target, but not pull it in.
All services which provide parts of the user/group database should be
ordered before this target, and pull it in. Note that this unit is only
relevant for regular users and groups — system users and groups are
required to be resolvable during earliest boot already, and hence do not
need any special ordering against this target.
Thanks for your input Rob! Unfortunately, nss-lookup.target also seems not to be sufficient. I've asked in the SSSD mailing list: https://lists.fedorahosted.org/archives/list/sssd-us...@lists.fedorahosted.org/thread/5E2RCVT36NBIRFUKW4ZKMMIDM6UJOR52/ 

Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to