Steve Langasek wrote:
> On Fri, Mar 23, 2007 at 02:42:15AM +0100, Michael Biebl wrote:
>>> Well, sorry, but I don't see how any other fix is possible for libnss-ldap.
>>> It's a fact that udev does lookups for users/groups that are not guaranteed
>>> to exist on the local system, and I don't think libnss-ldap should be
>>> responsible for trying to munge the user's /etc/nsswitch.conf on boot to
>>> avoid all LDAP lookups.
>
>> Imo there is a solution:
>> The problem is that libnss-ldap retries several times before it gives
>> up (because there is no network connection yet). While this makes sense
>> during normal operation, it doesn't make sense during bootup.
>> So my suggestion would be:
>> The first time libnss-ldap can successfully query the (remote) ldap
>> server, it creates a file, let's call it /var/run/nss-ldap-connected.
>> Only if this file exists, libnss-ldap retries multiple times on network
>> outages.
>> This file is deleted on shutdown.
>> On startup, if the file does not exist yet, nss-ldap does not retry to
>> connect several times but immediately returns nothing if it can't connect
>> to the server.
>
>> Does that sound reasonable?
>
> It sounds like a kludge to me, but I'm not the package maintainer so it's
> not really my decision. Anyway, I don't think nss-ldap has to retry
> anything to cause udev error messages, just a single lookup seems to be
> enough.
>
For the time being, I created two nsswitch.conf files (one with ldap support, the other without). The main network interface now contains an up and down rule which copies the "correct" nsswitch.conf file to /etc/, depending on the network state.
Maybe this workaround could be documented in README.Debian.

Cheers,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
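The workaround described in the message above, sketched as an added example (not code from the thread or from the libnss-ldap package): a hook that the interface's up and down rules call to swap nsswitch.conf. The file names nsswitch.conf.ldap and nsswitch.conf.local, the NSS_DIR variable and the script path /usr/local/sbin/nsswitch-select are assumptions.

```shell
#!/bin/sh
# Added example; hypothetical names throughout (see lead-in).
# Called from /etc/network/interfaces, for instance:
#   iface eth0 inet dhcp
#       up   /usr/local/sbin/nsswitch-select up
#       down /usr/local/sbin/nsswitch-select down

# Directory holding nsswitch.conf and its two variants (assumed layout).
NSS_DIR="${NSS_DIR:-/etc}"

# install_nsswitch up|down
# Copies the variant matching the network state over nsswitch.conf.
install_nsswitch() {
    case "$1" in
        up)   src="$NSS_DIR/nsswitch.conf.ldap" ;;   # files + ldap
        down) src="$NSS_DIR/nsswitch.conf.local" ;;  # files only
        *)    echo "usage: install_nsswitch up|down" >&2; return 2 ;;
    esac

    # Never replace the live file with a missing or empty variant:
    # that would break every user and group lookup on the host.
    if [ ! -s "$src" ]; then
        echo "install_nsswitch: $src missing or empty" >&2
        return 1
    fi

    # Copy to a temporary name in the same directory, then rename.
    # The rename is atomic, so a concurrent lookup (udev at boot, for
    # example) sees either the old file or the new one, never a partial copy.
    tmp="$NSS_DIR/nsswitch.conf.tmp.$$"
    cp -p "$src" "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$NSS_DIR/nsswitch.conf"
}

# Run directly when given an argument; does nothing when sourced without one.
if [ "$#" -gt 0 ]; then
    install_nsswitch "$1"
fi
```

The files-only variant should be the one shipped as /etc/nsswitch.conf, so that a boot with no network never consults LDAP before the up rule runs.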