Package: nslcd
Version: 0.9.7-2
On clean system, if I try to install nslcd, the recommended package
ca-certificates is installed together, but first the nslcd package installed
and want to be started from systemd.
The postinst script of nslcd generates default /etc/nslcd.conf with option
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
Because the ca-certificates package is installed *after* nslcd, the nslcd fails
to start with message:
==================================================
# apt-get -y install nslcd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ca-certificates libnss-ldapd libpam-ldapd nscd nslcd-utils
Suggested packages:
kstart
The following NEW packages will be installed:
ca-certificates libnss-ldapd libpam-ldapd nscd nslcd nslcd-utils
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 437 kB/838 kB of archives.
After this operation, 1,705 kB of additional disk space will be used.
Get:1 http://apt.abacus.ch/debian stretch/main amd64 nscd amd64 2.24-11+deb9u1
[267 kB]
Get:2 http://apt.abacus.ch/debian stretch/main amd64 libnss-ldapd amd64 0.9.7-2
[66.2 kB]
Get:3 http://apt.abacus.ch/debian stretch/main amd64 libpam-ldapd amd64 0.9.7-2
[53.6 kB]
Get:4 http://apt.abacus.ch/debian stretch/main amd64 nslcd-utils all 0.9.7-2
[50.7 kB]
Fetched 437 kB in 0s (2,529 kB/s)
Preconfiguring packages ...
{{{ nslcd configuration is done here }}}
Selecting previously unselected package nslcd.
(Reading database ... 27581 files and directories currently installed.)
Preparing to unpack .../0-nslcd_0.9.7-2_amd64.deb ...
Unpacking nslcd (0.9.7-2) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../1-ca-certificates_20161130+nmu1_all.deb ...
Unpacking ca-certificates (20161130+nmu1) ...
Selecting previously unselected package nscd.
Preparing to unpack .../2-nscd_2.24-11+deb9u1_amd64.deb ...
Unpacking nscd (2.24-11+deb9u1) ...
Selecting previously unselected package libnss-ldapd:amd64.
Preparing to unpack .../3-libnss-ldapd_0.9.7-2_amd64.deb ...
Unpacking libnss-ldapd:amd64 (0.9.7-2) ...
Selecting previously unselected package libpam-ldapd:amd64.
Preparing to unpack .../4-libpam-ldapd_0.9.7-2_amd64.deb ...
Unpacking libpam-ldapd:amd64 (0.9.7-2) ...
Selecting previously unselected package nslcd-utils.
Preparing to unpack .../5-nslcd-utils_0.9.7-2_all.deb ...
Unpacking nslcd-utils (0.9.7-2) ...
Setting up nscd (2.24-11+deb9u1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/nscd.service →
/lib/systemd/system/nscd.service.
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25+deb9u1) ...
Setting up nslcd (0.9.7-2) ...
Job for nslcd.service failed because the control process exited with error code.
See "systemctl status nslcd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nslcd, action "start" failed.
● nslcd.service - LSB: LDAP connection daemon
Loaded: loaded (/etc/init.d/nslcd; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2017-09-27 16:47:48 CEST; 9ms
ago
Docs: man:systemd-sysv-generator(8)
Process: 29680 ExecStart=/etc/init.d/nslcd start (code=exited,
status=1/FAILURE)
Sep 27 16:47:48 wolf-stra1 systemd[1]: Starting LSB: LDAP connection daemon...
Sep 27 16:47:48 wolf-stra1 nslcd[29680]: Starting LDAP connection daemon:
nslcdnslcd: /etc/nslcd.conf:28: tls_cacertfile: error accessing
/etc/ssl/certs/ca-certificates.crt: No such file or directory
Sep 27 16:47:48 wolf-stra1 nslcd[29680]: failed!
Sep 27 16:47:48 wolf-stra1 systemd[1]: nslcd.service: Control process exited,
code=exited status=1
Sep 27 16:47:48 wolf-stra1 systemd[1]: Failed to start LSB: LDAP connection
daemon.
Sep 27 16:47:48 wolf-stra1 systemd[1]: nslcd.service: Unit entered failed state.
Sep 27 16:47:48 wolf-stra1 systemd[1]: nslcd.service: Failed with result
'exit-code'.
dpkg: error processing package nslcd (--configure):
subprocess installed post-installation script returned error exit status 1
Setting up ca-certificates (20161130+nmu1) ...
Updating certificates in /etc/ssl/certs...
166 added, 0 removed; done.
dpkg: dependency problems prevent configuration of libpam-ldapd:amd64:
libpam-ldapd:amd64 depends on nslcd (>= 0.9.0) | nslcd-2; however:
Package nslcd is not configured yet.
Package nslcd-2 is not installed.
Package nslcd which provides nslcd-2 is not configured yet.
dpkg: error processing package libpam-ldapd:amd64 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of nslcd-utils:
nslcd-utils depends on nslcd (>= 0.9.0) | nslcd-2; however:
Package nslcd is not configured yet.
Package nslcd-2 is not installed.
Package nslcd which provides nslcd-2 is not configured yet.
dpkg: error processing package nslcd-utils (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of libnss-ldapd:amd64:
libnss-ldapd:amd64 depends on nslcd (>= 0.9.0) | nslcd-2; however:
Package nslcd is not configured yet.
Package nslcd-2 is not installed.
Package nslcd which provides nslcd-2 is not configured yet.
dpkg: error processing package libnss-ldapd:amd64 (--configure):
dependency problems - leaving unconfigured
Processing triggers for systemd (232-25+deb9u1) ...
Processing triggers for ca-certificates (20161130+nmu1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Errors were encountered while processing:
nslcd
libpam-ldapd:amd64
nslcd-utils
libnss-ldapd:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
==================================================
and installation is interrupted. As you can see, the installation of
ca-certificates finished and the file /etc/ssl/certs/ca-certificates.crt has
been created so calling now apt-get -fy install does finish the installation
correctly:
==================================================
# apt-get -fy install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
4 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up nslcd (0.9.7-2) ...
Setting up libpam-ldapd:amd64 (0.9.7-2) ...
Setting up nslcd-utils (0.9.7-2) ...
Setting up libnss-ldapd:amd64 (0.9.7-2) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
W: APT had planned for dpkg to do more than it reported back (9 vs 13).
Affected packages: nslcd:amd64
==================================================
The other problem happends, if I don't want to install ca-certificates package
(from any reason, e.g. I need only user listing over plain-text ldap or I want
create stunnel on local host for ssl connection to LDAP server and let nslcd
to talk with stunnel over plain text connection):
==================================================
# apt-get -y -o 'APT::Install-Recommends="false";' install nslcd libnss-ldapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
kstart
Recommended packages:
nscd ca-certificates libpam-ldapd | libpam-ldap | libpam-krb5 |
libpam-heimdal | libpam-sss nslcd-utils
The following NEW packages will be installed:
libnss-ldapd nslcd
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/271 kB of archives.
After this operation, 612 kB of additional disk space will be used.
Preconfiguring packages ...
Package configuration
Selecting previously unselected package nslcd.
(Reading database ... 27922 files and directories currently installed.)
Preparing to unpack .../nslcd_0.9.7-2_amd64.deb ...
Unpacking nslcd (0.9.7-2) ...
Selecting previously unselected package libnss-ldapd:amd64.
Preparing to unpack .../libnss-ldapd_0.9.7-2_amd64.deb ...
Unpacking libnss-ldapd:amd64 (0.9.7-2) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25+deb9u1) ...
Setting up nslcd (0.9.7-2) ...
Job for nslcd.service failed because the control process exited with error code.
See "systemctl status nslcd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nslcd, action "start" failed.
* nslcd.service - LSB: LDAP connection daemon
Loaded: loaded (/etc/init.d/nslcd; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2017-09-27 16:55:54 CEST; 9ms
ago
Docs: man:systemd-sysv-generator(8)
Process: 10280 ExecStart=/etc/init.d/nslcd start (code=exited,
status=1/FAILURE)
Sep 27 16:55:54 wolf-stra1 systemd[1]: Starting LSB: LDAP connection daemon...
Sep 27 16:55:54 wolf-stra1 nslcd[10280]: Starting LDAP connection daemon:
nslcdnslcd: /etc/nslcd.conf:28: tls_cacertfile: error accessing
/etc/ssl/certs/ca-certificates.crt: No such file or directory
Sep 27 16:55:54 wolf-stra1 nslcd[10280]: failed!
Sep 27 16:55:54 wolf-stra1 systemd[1]: nslcd.service: Control process exited,
code=exited status=1
Sep 27 16:55:54 wolf-stra1 systemd[1]: Failed to start LSB: LDAP connection
daemon.
Sep 27 16:55:54 wolf-stra1 systemd[1]: nslcd.service: Unit entered failed state.
Sep 27 16:55:54 wolf-stra1 systemd[1]: nslcd.service: Failed with result
'exit-code'.
dpkg: error processing package nslcd (--configure):
subprocess installed post-installation script returned error exit status 1
Processing triggers for man-db (2.7.6.1-2) ...
dpkg: dependency problems prevent configuration of libnss-ldapd:amd64:
libnss-ldapd:amd64 depends on nslcd (>= 0.9.0) | nslcd-2; however:
Package nslcd is not configured yet.
Package nslcd-2 is not installed.
Package nslcd which provides nslcd-2 is not configured yet.
dpkg: error processing package libnss-ldapd:amd64 (--configure):
dependency problems - leaving unconfigured
Processing triggers for systemd (232-25+deb9u1) ...
Errors were encountered while processing:
nslcd
libnss-ldapd:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
==================================================
In this case is only nslcd installed and ca-certificate stays uninstalled so
in this case the apt-get -fy install does not help:
==================================================
# apt-get -fy install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up nslcd (0.9.7-2) ...
Job for nslcd.service failed because the control process exited with error code.
See "systemctl status nslcd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript nslcd, action "start" failed.
● nslcd.service - LSB: LDAP connection daemon
Loaded: loaded (/etc/init.d/nslcd; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2017-09-27 17:27:30 CEST; 7ms
ago
Docs: man:systemd-sysv-generator(8)
Process: 10531 ExecStart=/etc/init.d/nslcd start (code=exited,
status=1/FAILURE)
Sep 27 17:27:30 wolf-stra1 systemd[1]: Starting LSB: LDAP connection daemon...
Sep 27 17:27:30 wolf-stra1 nslcd[10531]: Starting LDAP connection daemon:
nslcdnslcd: /etc/nslcd.conf:28: tls_cacertfile: error accessing
/etc/ssl/certs/ca-certificates.crt: No such file or directory
Sep 27 17:27:30 wolf-stra1 nslcd[10531]: failed!
Sep 27 17:27:30 wolf-stra1 systemd[1]: nslcd.service: Control process exited,
code=exited status=1
Sep 27 17:27:30 wolf-stra1 systemd[1]: Failed to start LSB: LDAP connection
daemon.
Sep 27 17:27:30 wolf-stra1 systemd[1]: nslcd.service: Unit entered failed state.
Sep 27 17:27:30 wolf-stra1 systemd[1]: nslcd.service: Failed with result
'exit-code'.
dpkg: error processing package nslcd (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of libnss-ldapd:amd64:
libnss-ldapd:amd64 depends on nslcd (>= 0.9.0) | nslcd-2; however:
Package nslcd is not configured yet.
Package nslcd-2 is not installed.
Package nslcd which provides nslcd-2 is not configured yet.
dpkg: error processing package libnss-ldapd:amd64 (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
nslcd
libnss-ldapd:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
==================================================
And because the file /etc/nslcd.conf is created in postinst script, even
changing manually /etc/nslcd.conf and removing/commenting-out the line
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
does not help.
The "apt install nslcd" works the same way as apt-get.
Either must nslcd depends on ca-certificates or nslcd.conf should not contain
configuration:
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
Thank you for the fix.
Kind regards
Robert Wolf.
