Issue #5806: nslcd is not properly handled in ipa-client-install - freeipa

freeipa

#5806 nslcd is not properly handled in ipa-client-install

Closed: wontfix 5 years ago by rcritten. Opened 8 years ago by rcritten.

I'm assuming nslcd should be disabled in ipa-client-install, just like nscd, but there is a ton less code that would do that, and there are some bugs probably related to the off-by-one character of nslcd vs nscd.

Then there is this code:

    nslcd = services.knownservices.nslcd
    if nscd.is_installed():
        save_state(nslcd)

This pretty obviously should be if nslcd.is_installed()

The installer goes through a lot of trouble to ensure that nscd isn't running. I wonder if it should go through similar trouble to ensure that nslcd isn't running. Otherwise the state is saved without really doing anything. This state saving was done for ticket https://fedorahosted.org/freeipa/ticket/3790 to ensure that state was restored, but what if nslcd is already running when ipa-client-install is executed? Presumably it will be disabled in the pam stack but the service will continue to run, right?

authconfig seems to be restarting the nslcd service for some reason:

2016-02-16T02:27:14Z DEBUG stderr=
2016-02-16T02:27:14Z DEBUG Saving StateFile to '/var/lib/ipa-client/sysrestore/sysrestore.state'
2016-02-16T02:27:14Z DEBUG args=/usr/sbin/authconfig --update --nisdomain company.com
2016-02-16T02:27:14Z DEBUG stdout=Starting nslcd: ESC[60G[ESC[0;32m  OK  ESC[0;39m]

That's about as far as my investigation went. This came in via IRC from immotus who saw errors in his logs of nslcd trying to contact his AD server.

pvoborni commented 8 years ago

    pv: the one-line fix can be done now (4.4)
    pv: the second part - disabling of nslcd, can wait for 4.5 even though it is easy fix. Is there any impact?
    [DP] Defer if we can
    [mkosek] I would also defer, especially if we are removing nslcd support eventually are are doing refactoring of the client (4.5 or later)
    pv: Future releases then (the other part)
    ai: fix the typo in 4.4 (guerilla patch to master)

pvoborni commented 8 years ago

guerilla patch sent: http://www.redhat.com/archives/freeipa-devel/2016-April/msg00236.html

mbasti commented 8 years ago

master:

a023dcb ipa-client-install: fix typo in nslcd service name

Leaving the ticket opened, only typo was fixed

Metadata Update from @rcritten:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago

rcritten commented 5 years ago

Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata

Assignee

someone

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

Future Releases

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Client

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#5806 nslcd is not properly handled in ipa-client-install Closed: wontfix 5 years ago by rcritten. Opened 8 years ago by rcritten.

Metadata

#5806 nslcd is not properly handled in ipa-client-install

Closed: wontfix 5 years ago by rcritten. Opened 8 years ago by rcritten.