lists.arthurdejong.org

Re: --disable-nslcd, nssov, and local user lookups

Hi Arthur,

Arthur de Jong wrote:
> On Mon, 2012-06-11 at 08:49 -0400, Ryan Steele wrote:
>> On a related note - what's the accepted approach to disabling nslcd at
>> build-time in addition to providing the --disable-nslcd flag?  I ask
>> because simply removing the following flags from debian/rules:
>>
>>              --sysconfdir=/etc \
>>              --localstatedir=/var \
>>              --with-ldap-conf-file=/etc/nslcd.conf \
>>              --with-nslcd-pidfile=/var/run/nslcd/nslcd.pid \
>>              --with-nslcd-socket=/var/run/nslcd/socket
>>
>> ...and adding this flag:
>>
>>              --disable-nslcd
> 
> You could keep --with-nslcd-socket since it is also used in the NSS and
> PAM modules. Having said that /var/run/nslcd/socket is the default so it
> shouldn't change anything.

Noted, thanks. I'll just rebuild with that option.

>> dh_install
>>      install -d debian/nslcd/
>>      cp -a debian/tmp/etc debian/nslcd//
>>      install -d debian/nslcd//usr
>>      cp -a debian/tmp/usr/sbin debian/nslcd//usr/
>> cp: cannot stat `debian/tmp/usr/sbin': No such file or directory
>> dh_install: cp -a debian/tmp/usr/sbin debian/nslcd//usr/ returned exit code 1
>> make: *** [binary-arch] Error 2
>> dpkg-buildpackage: error: debian/rules binary gave error exit status 2
> 
> You could remove debian/nslcd.* and edit debian/control to remove the
> nslcd package section.
> 
> Btw, out of curiosity, why are you building custom Debian packages?
> 

The nssov docs
(http://www.openldap.org/devel//cvsweb.cgi/~checkout~/contrib/slapd-modules/nssov/README?rev=1.10&hideattic=1&sortbydate=0)
make a reference to building nss-pam-ldapd without nslcd since it's not
needed.  I didn't want to run the risk of using the packages that leave it in 
and then not use it, potentially introducing some sort of dependency on a 
running nslcd that would never be satisfied.  I realized shortly after I sent 
that message that simply omitting nslcd from the control file did exactly what 
I needed, but I'm glad you mentioned leaving in the --with-nslcd-socket option 
since I didn't realize both modules needed it to communicate with LDAP.  

I did have one other question: since I won't be using nslcd, are the 
libnss-ldapd options that would have been set in /etc/nslcd.conf now configured 
via the nssov overlay instead of /etc/nslcd.conf, provided the options are 
available (I know that some are not, e.g. the nss_initgroups_ignoreusers 
option)?

Cheers,
Ryan
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
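
The two packaging edits suggested in the quoted reply (remove debian/nslcd.* and drop the nslcd section from debian/control), as an added shell example that is not part of the original message or the project's own packaging. The function names and the sample control contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: drop one binary-package stanza from a debian/control file.
# debian/control is a series of stanzas separated by blank lines, so awk's
# paragraph mode (RS="") reads exactly one stanza per record.

# Usage: drop_stanza PACKAGE < control > control.new
drop_stanza() {
    awk -v pkg="$1" '
        BEGIN { RS = ""; FS = "\n" }
        {
            keep = 1
            for (i = 1; i <= NF; i++)
                if ($i == ("Package: " pkg)) keep = 0
            # Re-join the kept stanzas with a single blank line between them.
            if (keep) { if (n++) printf "\n"; print }
        }'
}

# Constructed sample input, not the real nss-pam-ldapd control file.
sample_control() {
    cat <<'EOF'
Source: nss-pam-ldapd
Build-Depends: debhelper

Package: nslcd
Architecture: any
Description: constructed placeholder stanza

Package: libnss-ldapd
Architecture: any
Description: constructed placeholder stanza
EOF
}

# Usage: strip_nslcd SRCDIR
# Applies both edits to an unpacked source tree: rewrites debian/control
# without the nslcd stanza, then removes the debian/nslcd.* helper files
# that made dh_install look for debian/tmp/usr/sbin.
strip_nslcd() {
    src=$1
    drop_stanza nslcd < "$src/debian/control" > "$src/debian/control.new" &&
        mv "$src/debian/control.new" "$src/debian/control" &&
        rm -f "$src"/debian/nslcd.*
}
```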