Thus spake Rémi Cardona on Fri, Jun 09, 2006 at 03:05:33AM CDT
> Lindsay Haisley wrote:
> >Seems that I'm not the only one with this problem. There are several
> >fixes which collectively seem to put things back to normal. See
> >http://bugs.gentoo.org/show_bug.cgi?id=99564
>
> Workarounds are suggested in the bug you pointed out. Just comment out
> the udev entries that use non-existing groups such as "tpm".

After I found the bug report I applied several of the posted fixes for
the problem and left a few comments. Things are back to normal here.

My main issue here is the question of how such a condition can occur. I
have USE=ldap set, and a Gentoo ebuild at some point put ldap into the
authentication methods for passwd, shadow and group, probably because
this flag was set when glibc was last emerged. Whatever happened, I
ended up with udevd trying to find an ldap server before either the
network or the local ldap server were up and running. This shouldn't
ever be allowed to happen.

> On the forums, several people made shell scripts that switched between
> two nsswitch.conf during bootup and after. This really is an ugly hack.

It's the UNIX way ;-)

> Another option is to put timeouts in ldap.conf. It's barely documented
> but someone pointed this out in the forums.

Here are a couple of thoughts. There's a single ldap USE flag spec'd
for Gentoo. There are, however, several widely different ways in which
ldap can be used. For instance, although I have ldap in my USE flags for
my desktop system, I don't want to use ldap authentication, nor do I
want the system to even try to use it. I do want ldap capabilities in
applications such as evolution, and ldap clients, and proper schemas
installed by various such applications which can take advantage of them.
Perhaps rather than a single "ldap" USE flag, there need to be at least
a couple - "ldap-auth", "ldap-client", etc.

> >This is really nasty. Had it happened on one of my servers, one of which
> >runs gentoo, it would have cost me customers!
>
> Thus the need to try things out before updating production servers :)
> Safe business practice imho, although this bug really is a PITA.

One of the disadvantages of Gentoo is that it follows the open source
maxim "release early, release often" pretty literally. The choices are
either to keep an identical non-production server around as a test bed
or to not try to keep up2date on stuff once the system is stable. I do
live dangerously, and reserve the right to whine about it when I get my
butt bitten ;-)

One of the advantages of Gentoo is that the dev community and forums are
generally very helpful in solving stuff when things break.
bugs.gentoo.org is a great resource to which I successfully turn more
often than I would wish.

> I read someplace this was going to be fixed in later versions of nss_ldap.

Yeah, this bug has been outstanding for many months. I put a version cap
in packages.mask on nss_ldap and a comment referencing the bug report.
It looks as if Greg KH and other devs can't quite agree on where the
responsibility lies for this one.

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |   trying to eradicate   | <http://pubkeys.fmp.com>
http://www.fmp.com    |       dandelions"       |
                      |     (Pamela Jones)      |
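
The condition discussed in this message (udev rules naming a group such as "tpm" that the local files lack, while nsswitch.conf also lists ldap) can be checked for before a reboot. The Python sketch below is an added example, not part of the original message or of any Gentoo tool; the function names and the sample file contents are constructed for illustration.

```python
import re

# Assignment (= or :=) of GROUP/OWNER in a udev rule; "==" comparisons do not match.
_ASSIGN = re.compile(r'\b(GROUP|OWNER)\s*:?=\s*"([^"]+)"')
_LOCAL_SOURCES = ("files", "compat", "db")

def nss_sources(nsswitch_text, database):
    """Ordered lookup sources for one nsswitch.conf database (e.g. "group")."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return] before splitting.
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []

def local_names(db_text):
    """Names defined in passwd- or group-format text."""
    return {l.split(":", 1)[0] for l in db_text.splitlines()
            if l.strip() and not l.startswith(("#", "+", "-"))}

def risky_udev_entries(rules_text, group_text, passwd_text, nsswitch_text):
    """Return (line_no, key, name, remote_sources) for each name udev would have
    to resolve through a non-local NSS source because the local files lack it."""
    local = {"GROUP": local_names(group_text), "OWNER": local_names(passwd_text)}
    remote = {"GROUP": nss_sources(nsswitch_text, "group"),
              "OWNER": nss_sources(nsswitch_text, "passwd")}
    remote = {k: [s for s in v if s not in _LOCAL_SOURCES] for k, v in remote.items()}
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rule, the workaround from the bug report
        for key, name in _ASSIGN.findall(line):
            if not name.isdigit() and name not in local[key] and remote[key]:
                findings.append((n, key, name, remote[key]))
    return findings

# Constructed sample inputs (not taken from a real system).
RULES = '''# constructed sample rules
KERNEL=="tpm*", NAME="%k", OWNER="root", GROUP="tpm", MODE="0600"
KERNEL=="ttyS*", GROUP="uucp", MODE="0660"
# KERNEL=="foo", GROUP="nogroup"
'''
GROUP_FILE = "root:x:0:\nuucp:x:14:\n"
PASSWD_FILE = "root:x:0:0:root:/root:/bin/bash\n"
NSSWITCH = "passwd: files ldap\ngroup:  files ldap\nshadow: files ldap\n"

if __name__ == "__main__":
    for hit in risky_udev_entries(RULES, GROUP_FILE, PASSWD_FILE, NSSWITCH):
        print("line %d: %s=%r not in local files, falls through to %s" % hit)
```

On a real system the four text arguments would be read from the udev rules files, /etc/group, /etc/passwd and /etc/nsswitch.conf; an empty result means every name the rules assign resolves from local files.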
