
[nssldap] Re: disconnected nss_ldap



On Sun, 2009-11-01 at 22:19 -0500, Brian J. Murrell wrote: 
> 

Hrm.  I spoke too soon.  :-(

> Some debugging in nscd reveals that the problem lies in that the
> only error value that nscd is allowing for the "unreachable server" case
> is EAGAIN.  However, in my case (at least), where I am blocking the LDAP
> server with iptables configured to send back TCP RST, the error value is
> ENOTCONN and when I tell nscd that ENOTCONN is a valid error for the
> "unreachable" case, nscd seems to hold on to the entries it had before
> the LDAP server became unreachable.

But in testing what nscd does when the network connection is down
altogether, it would seem that __getpw{nam|uuid}_r() returns an ENOENT
(2), which of course is not valid for the "server unreachable" clause
of nscd which simply allows the cached record to live on.

I'm not sure why that is TBH.  It seems reasonable that an ENOENT is
suitable for the local, /etc/passwd entry (in absence of any other
databases), but surely when configured with nss_ldap ("passwd: compat
ldap" in /etc/nsswitch.conf), an ENOENT for a missing /etc/passwd entry
is suppressed and the return from nss_ldap is the final return for the
__getpw{nam|uuid}_r() functions, yes?

b.
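The observations above hinge on which errno the NSS stack hands back when a backend such as nss_ldap cannot reach its server, because that value decides whether nscd keeps or drops its cached entry. The following small diagnostic is an added example, not code from the nss_ldap or nscd projects or from the poster: it calls getpwnam_r() directly and reports the status and errno it gets, so an administrator can check what their own nsswitch.conf configuration returns with the directory blocked or the link down (run it with nscd stopped to see the raw NSS result rather than nscd's cache). The classifier nscd_keeps_cached_entry() encodes the behaviour the thread describes (only EAGAIN counts as "server unreachable"); it is an assumption taken from the post, not a reading of the nscd sources, and the user name checked in the test is a constructed one that does not exist.

```c
/* Added diagnostic (not nss_ldap/nscd project code): report what
 * getpwnam_r() returns for a user and classify it the way the thread
 * describes nscd doing. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum lookup_status { LOOKUP_FOUND = 0, LOOKUP_NOT_FOUND = 1, LOOKUP_ERROR = 2 };

/* Look up one user. On return *err holds the error code getpwnam_r()
 * returned (glibc returns it directly rather than setting errno),
 * or 0 when the call itself succeeded. */
enum lookup_status lookup_user(const char *name, int *err)
{
    struct passwd pw, *result = NULL;
    char buf[16384];            /* large enough for any realistic entry */
    int rc;

    rc = getpwnam_r(name, &pw, buf, sizeof buf, &result);
    *err = rc;
    if (rc == 0 && result != NULL)
        return LOOKUP_FOUND;
    /* glibc reports "no such user" either as rc == 0 with a NULL result
     * or as ENOENT; both mean the backends answered "not found". */
    if (rc == 0 || rc == ENOENT)
        return LOOKUP_NOT_FOUND;
    return LOOKUP_ERROR;        /* e.g. ENOTCONN, EAGAIN, ERANGE */
}

/* Assumption taken from the thread: nscd keeps serving a cached entry only
 * when the lookup fails with EAGAIN. ENOTCONN (server answering with TCP
 * RST) and ENOENT (link down) do not qualify, so the entry is dropped. */
int nscd_keeps_cached_entry(int err)
{
    return err == EAGAIN;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    int err = 0;
    enum lookup_status st = lookup_user(name, &err);

    switch (st) {
    case LOOKUP_FOUND:
        printf("%s: found\n", name);
        break;
    case LOOKUP_NOT_FOUND:
        printf("%s: not found (rc=%d, %s)\n", name, err,
               err ? strerror(err) : "result NULL");
        break;
    case LOOKUP_ERROR:
        printf("%s: lookup error %d (%s); nscd would %s the cached entry\n",
               name, err, strerror(err),
               nscd_keeps_cached_entry(err) ? "keep" : "drop");
        break;
    }
    return st == LOOKUP_ERROR ? 1 : 0;
}
```

Compile with `cc -o nsscheck nsscheck.c` and run it as `./nsscheck someuser` once with the LDAP server reachable and once with it blocked; the error code printed in the second run is the one to compare against nscd's "unreachable" handling.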