I'm assuming nslcd should be disabled in ipa-client-install, just like nscd, but there is a ton less code that would do that, and there are some bugs probably related to the off-by-one character of nslcd vs nscd.
Then there is this code:
nslcd = services.knownservices.nslcd if nscd.is_installed(): save_state(nslcd)
This pretty obviously should be if nslcd.is_installed()
The installer goes through a lot of trouble to ensure that nscd isn't running. I wonder if it should go through similar trouble to ensure that nslcd isn't running. Otherwise the state is saved without really doing anything. This state saving was done for ticket https://fedorahosted.org/freeipa/ticket/3790 to ensure that state was restored, but what if nslcd is already running when ipa-client-install is executed? Presumably it will be disabled in the pam stack but the service will continue to run, right?
authconfig seems to be restarting the nslcd service for some reason:
2016-02-16T02:27:14Z DEBUG stderr= 2016-02-16T02:27:14Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state' 2016-02-16T02:27:14Z DEBUG args=/usr/sbin/authconfig --update --nisdomain company.com 2016-02-16T02:27:14Z DEBUG stdout=Starting nslcd: ESC[60G[ESC[0;32m OK ESC[0;39m]
That's about as far as my investigation went. This came in via IRC from immotus who saw errors in his logs of nslcd trying to contact his AD server.
pv: the one-line fix can be done now (4.4) pv: the second part - disabling of nslcd, can wait for 4.5 even though it is easy fix. Is there any impact? [DP] Defer if we can [mkosek] I would also defer, especially if we are removing nslcd support eventually are are doing refactoring of the client (4.5 or later) pv: Future releases then (the other part) ai: fix the typo in 4.4 (guerilla patch to master)
guerilla patch sent: http://www.redhat.com/archives/freeipa-devel/2016-April/msg00236.html
master:
Leaving the ticket opened, only typo was fixed
Metadata Update from @rcritten: - Issue assigned to someone - Issue set to the milestone: Future Releases
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.