RSS feed

Re: --disable-nslcd, nssov, and local user lookups

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: --disable-nslcd, nssov, and local user lookups

Hi Arthur,

Arthur de Jong wrote:
> On Mon, 2012-06-11 at 08:49 -0400, Ryan Steele wrote:
>> On a related note - what's the accepted approach to disabling nslcd at
>> build-time in addition to providing the --disable-nslcd flag?  I ask
>> because simply removing the following flags from debian/rules:
>>                 --sysconfdir=/etc \
>>              --localstatedir=/var \
>>                 --with-ldap-conf-file=/etc/nslcd.conf \
>>                 --with-nslcd-pidfile=/var/run/nslcd/ \
>>                 --with-nslcd-socket=/var/run/nslcd/socket
>> ...and adding this flag:
>>              --disable-nslcd
> You could keep --with-nslcd-socket since it is also used in the NSS and
> PAM modules. Having said that /var/run/nslcd/socket is the default so it
> shouldn't change anything.

Noted, thanks. I'll just rebuild with that option.

>> dh_install
>>      install -d debian/nslcd/
>>      cp -a debian/tmp/etc debian/nslcd//
>>      install -d debian/nslcd//usr
>>      cp -a debian/tmp/usr/sbin debian/nslcd//usr/
>> cp: cannot stat `debian/tmp/usr/sbin': No such file or directory
>> dh_install: cp -a debian/tmp/usr/sbin debian/nslcd//usr/ returned exit code 1
>> make: *** [binary-arch] Error 2
>> dpkg-buildpackage: error: debian/rules binary gave error exit status 2
> You could remove debian/nslcd.* and edit debian/control to remove the
> nslcd package section.
> Btw, out of curiosity, why are you building custom Debian packages?

The nssov docs 
 make a reference to building nss-pam-ldapd without nslcd since it's not 
needed.  I didn't want to run the risk of using the packages that leave it in 
and then not use it, potentially introducing some sort of dependency on a 
running nslcd that would never be satisfied.  I realized shortly after I sent 
that message that simply omitting nslcd from the control file did exactly what 
I needed, but I'm glad you mentioned leaving in the --with-nslcd-socket option 
since I didn't realize both modules needed it to communicate with LDAP.  

I did have one other question: since I won't be using nslcd, are the 
libnss-ldapd options that would have been set in /etc/nslcd.conf now configured 
via the nssov overlay instead of /etc/nslcd.conf, provided the options are 
available (I know that some are not, e.g. the nss_initgroups_ignoreusers 

To unsubscribe send an email to or see