Thus spake Rémi Cardona on Fri, Jun 09, 2006 at 03:05:33AM CDT
> Lindsay Haisley wrote:
> >Seems that I'm not the only one with this problem. There are several
> >fixes which collectively seem to put things back to normal. See
> >http://bugs.gentoo.org/show_bug.cgi?id=99564
>
> Workarounds are suggested in the bug you pointed out. Just comment out
> the udev entries that use non-existing groups such as "tpm".

After I found the bug report I applied several of the posted fixes for the
problem and left a few comments. Things are back to normal here.

My main issue here is the question of how such a condition can occur. I have
USE=ldap set, and a Gentoo ebuild at some point put ldap into the
authentication methods for passwd, shadow and group, probably because this flag
was set when glibc was last emerged. Whatever happened, I ended up with udevd
trying to find an ldap server before either the network or the local ldap
server was up and running. This shouldn't ever be allowed to happen.

> On the forums, several people made shell scripts that switched between
> two nsswitch.conf during bootup and after. This really is an ugly hack.

It's the UNIX way ;-)

> Another option is to put timeouts in ldap.conf. It's barely documented
> but someone pointed this out in the forums.

Here are a couple of thoughts. There's a single ldap USE flag spec'd for
Gentoo. There are, however, several widely different ways in which ldap can be
used. For instance, although I have ldap in my USE flags for my desktop
system, I don't want to use ldap authentication, nor do I want the system to
even try to use it. I do want ldap capabilities in applications such as
evolution, and ldap clients, and proper schemas installed by various such
applications which can take advantage of them. Perhaps rather than a single
"ldap" USE flag, there need to be at least a couple - "ldap-auth",
"ldap-client", etc.

> >This is really nasty. Had it happened on one of my servers, one of which
> >runs gentoo, it would have cost me customers!
>
> Thus the need to try things out before updating production servers :)
> Safe business practice imho, although this bug really is a PITA.

One of the disadvantages of Gentoo is that it follows the open source maxim
"release early, release often" pretty literally. The choices are either to
keep an identical non-production server around as a test bed or to not try to
keep up2date on stuff once the system is stable. I do live dangerously, and
reserve the right to whine about it when I get my butt bitten ;-) One of the
advantages of Gentoo is that the dev community and forums are generally very
helpful in solving stuff when things break. bugs.gentoo.org is a great
resource to which I successfully turn more often than I would wish.

> I read someplace this was going to be fixed in later versions of nss_ldap.

Yeah, this bug has been outstanding for many months. I put a version cap in
packages.mask on nss_ldap and a comment referencing the bug report. It looks
as if Greg KH and other devs can't quite agree on where the responsibility lies
for this one.

--
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |   trying to eradicate   | <http://pubkeys.fmp.com>
http://www.fmp.com    |       dandelions"       |
                      |      (Pamela Jones)     |
--
gentoo-desktop@g.o mailing list
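
The workaround quoted above (commenting out udev entries that use non-existing groups such as "tpm") needs a list of which entries are affected. The following is an added example, not part of the original message or of the Gentoo bug report; the function names and the sample rules and group data are constructed for illustration.

```shell
#!/bin/sh
# List group names assigned in udev rules (GROUP="...") that are absent from
# the local group file. Each missing name makes udevd's lookup fall through
# to the next source in nsswitch.conf (ldap in the setup described above).
# Usage: missing_udev_groups RULES_DIR GROUP_FILE
missing_udev_groups() {
    rules_dir=$1
    group_file=$2
    # Skip commented-out rules, keep only GROUP="name" assignments
    # (GROUP=="name" is a match key and is not extracted), drop numeric GIDs.
    cat "$rules_dir"/*.rules 2>/dev/null |
        grep -v '^[[:space:]]*#' |
        grep -o 'GROUP="[^"]*"' |
        sed 's/^GROUP="//; s/"$//' |
        grep -v '^[0-9][0-9]*$' |
        sort -u |
        while read -r grp; do
            # Local lookup only: compare against field 1 of the group file.
            if ! cut -d: -f1 "$group_file" | grep -qxF -- "$grp"; then
                echo "$grp"
            fi
        done
}

# Constructed sample data (hypothetical, not taken from a real system).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/rules.d"
    cat > "$d/rules.d/50-udev.rules" <<'EOF'
# KERNEL=="old*", GROUP="retired"
KERNEL=="tpm*", NAME="%k", OWNER="tss", GROUP="tpm", MODE="0600"
KERNEL=="sd*", GROUP="disk"
KERNEL=="ttyS*", GROUP="tty", MODE="0660"
KERNEL=="raw*", GROUP="6"
EOF
    printf 'root:x:0:\ntty:x:5:\ndisk:x:6:\n' > "$d/group"
    echo "$d"
}

sample=$(make_sample)
missing_udev_groups "$sample/rules.d" "$sample/group"   # prints: tpm
rm -rf "$sample"
```

On a real system the arguments would typically be /etc/udev/rules.d and /etc/group; an empty result means every group named in the rules resolves from local files.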