| 1 |
Thus spake Rémi Cardona on Fri, Jun 09, 2006 at 03:05:33AM CDT |
| 2 |
> Lindsay Haisley wrote: |
| 3 |
> >Seems that I'm not the only one with this problem. There are several |
| 4 |
> >fixes which collectively seem to put things back to normal. See |
| 5 |
> >http://bugs.gentoo.org/show_bug.cgi?id=99564 |
| 6 |
> |
| 7 |
> Workarounds are suggested in the bug you pointed out. Just comment out |
| 8 |
> the udev entries that use non-exsting groups such as "tpm". |
| 9 |
|
| 10 |
After I found the bug report I applied several of the posted fixes for the |
| 11 |
problem and left a few comments. Things are back to normal here. |
| 12 |
|
| 13 |
My main issue here is the question of how such a condition can occur. I have |
| 14 |
USE=ldap set, and a Gentoo ebuild at some point put ldap into the |
| 15 |
authentication methods for passwd, shadow and group, probably because this flag |
| 16 |
was set when glibc was last emerged. Whatever happened, I ended up with udevd |
| 17 |
trying to find an ldap server before either the network or the local ldap |
| 18 |
server were up and running. This shouldn't ever be allowed to happen. |
| 19 |
|
| 20 |
> On the forums, several people made shell scripts that switched between |
| 21 |
> two nsswitch.conf during bootup and after. This really is an ugly hack. |
| 22 |
|
| 23 |
It's the UNIX way ;-) |
| 24 |
|
| 25 |
> Another option is to put timeouts in ldap.conf. It's barely documented |
| 26 |
> but someone pointed this out in the forums. |
| 27 |
|
| 28 |
Here are a couple of thoughts. There's a single ldap USE flag spec'd for |
| 29 |
Gentoo. There are, however, several widely different ways in which ldap can be |
| 30 |
used. For instance, although I have ldap in my USE flags for my desktop |
| 31 |
system, I don't want to use ldap authentication, nor do I want the system to |
| 32 |
even try to use it. I do want ldap capabilities in applications such as |
| 33 |
evolution, and ldap clients, and proper schemas installed by various such |
| 34 |
applilcations which can take advantage of them. Perhaps rather than a single |
| 35 |
"ldap" USE flag, there need to be at least a couple - "ldap-auth", |
| 36 |
"ldap-client", etc. |
| 37 |
|
| 38 |
> >This is really nasty. Had it happened on one of my servers, one of which |
| 39 |
> >runs gentoo, it would have cost me customers! |
| 40 |
> |
| 41 |
> Thus the need to try things out before updating production servers :) |
| 42 |
> Safe business practice ihmo, although this bug really a PITA. |
| 43 |
|
| 44 |
One of the disadvantages of Gentoo is that it follows the open source maxim |
| 45 |
"release early, release often" pretty literally. The choices are either to |
| 46 |
keep an identical non-production server around as a test bed or to not try to |
| 47 |
keep up2date on stuff once the system is stable. I do live dangerously, and |
| 48 |
reserve the right to whine about it when I get my butt bitten ;-) One of the |
| 49 |
advantages of Gentoo is that the dev community and forums are generally very |
| 50 |
helpful in solving stuff when things break. bugs.gentoo.org is a great |
| 51 |
resource to which I successfully turn more often than I would wish. |
| 52 |
|
| 53 |
> I read someplace this was going to be fixed in later versions of nss_ldap. |
| 54 |
|
| 55 |
Yeah, this bug has been outstanding for many months. I put a version cap in |
| 56 |
packages.mask on nss_ldap and a comment referencing the bug report. It looks |
| 57 |
as if Greg KH and other devs can't quite agree on where the responsibility lies |
| 58 |
for this one. |
| 59 |
|
| 60 |
-- |
| 61 |
Lindsay Haisley | "Fighting against human | PGP public key |
| 62 |
FMP Computer Services | creativity is like | available at |
| 63 |
512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com> |
| 64 |
http://www.fmp.com | dandelions" | |
| 65 |
| (Pamela Jones) | |
| 66 |
-- |
| 67 |
gentoo-desktop@g.o mailing list |
Archives