On Wed, May 22, 2019 at 11:30 AM Lennart Poettering <lenn...@poettering.net> wrote:
> On Mi, 22.05.19 10:02, Ulrich Windl (ulrich.wi...@rz.uni-regensburg.de) > wrote: > > > Hi! > > > > Obviously the owner of a temporary directory cannot be an LDAP user: > > system users should really not be located on LDAP: > > > https://systemd.io/UIDS-GIDS.html#notes-on-resolvability-of-user-and-group-names > > > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss-ldap: do_open: > do_start_tls > > failed:stat=-1 > > May 22 09:02:48 v04 systemd-tmpfiles[1056]: nss_ldap: could not search > LDAP > > server - Server is unavailable > > May 22 09:02:48 v04 systemd[1]: systemd-tmpfiles-setup.service: Main > process > > exited, code=exited, status=1/FAILURE > > Hmm, we actually log about all errors we encounter. Is it possible > that the nss-ldap module (which iirc is obsolete and unmaintained > these days?) does an exit(1) or so? > AFAIK, it is indeed obsolete (in favor of either SSSD or the *other* nss-ldap which comes with nslcd, both of which use a daemon to handle lookups). Actually, if LDAP accounts in tmpfiles are somehow unavoidable, then SSSD may work better as it has a persistent local cache... (Still a bad idea though, as tmpfiles usually starts before SSSD.) -- Mantas Mikulėnas
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
