Lindsay Haisley wrote:
> My main issue here is the question of how such a condition can occur. I have
> USE=ldap set, and a Gentoo ebuild at some point put ldap into the
> authentication methods for passwd, shadow and group, probably because this flag
> was set when glibc was last emerged.

I checked the ebuilds and none of 'em actually touch nsswitch.conf. It's
a purely manual setup.

> Whatever happened, I ended up with udevd
> trying to find an ldap server before either the network or the local ldap
> server were up and running. This shouldn't ever be allowed to happen.

Agreed :)

> Here are a couple of thoughts. There's a single ldap USE flag spec'd for
> Gentoo. There are, however, several widely different ways in which ldap can be
> used. For instance, although I have ldap in my USE flags for my desktop
> system, I don't want to use ldap authentication, nor do I want the system to
> even try to use it. I do want ldap capabilities in applications such as
> evolution, and ldap clients, and proper schemas installed by various such
> applications which can take advantage of them. Perhaps rather than a single
> "ldap" USE flag, there need to be at least a couple - "ldap-auth",
> "ldap-client", etc.

I'd mostly like to have ldap-lib and ldap-server with the USE=ldap
only pulling the ldap-lib stuff, leaving the server stuff as an exercise
to the reader. Kind of like the xorg split.

> One of the disadvantages of Gentoo is that it follows the open source maxim
> "release early, release often" pretty literally. The choices are either to
> keep an identical non-production server around as a test bed or to not try to
> keep up2date on stuff once the system is stable. I do live dangerously, and
> reserve the right to whine about it when I get my butt bitten ;-) One of the
> advantages of Gentoo is that the dev community and forums are generally very
> helpful in solving stuff when things break. bugs.gentoo.org is a great
> resource to which I successfully turn more often than I would wish.

I'll second Donnie here, VMware is a great tool for that, I used it on
several occasions and it saved me a bundle, both in terms of time and
money (one server with plenty of RAM running 2 win2k and 2 linuxes at
the same time). It's definitely worth its price tag in the long run.
Xen seems to be the cool new thing, and it seems to be well tested to be
put into production use. Definitely worth a look if you're on a tight
budget, or if your servers are not used to their max capacity.

> > I read someplace this was going to be fixed in later versions of nss_ldap.
>
> Yeah, this bug has been outstanding for many months. I put a version cap in
> packages.mask on nss_ldap and a comment referencing the bug report. It looks
> as if Greg KH and other devs can't quite agree on where the responsibility lies
> for this one.

Since this bug has been bothering me for quite a while too, I'll try and
see if I can fix it. I started looking through udev this morning, and it
seems really clean code-wise. I'm not really sure how to test udev
though, besides rebooting the box. I'll figure this out this weekend.

Cheers,
Rémi