diff --git a/debian/control b/debian/control index 974c2ff64..072b6ee71 100644 --- a/debian/control +++ b/debian/control @@ -104,8 +104,6 @@ Depends: lsof, netcat-openbsd, network-manager, -# Ensure that nscd is installed rather than unscd. - nscd (>= 2), ppp, pppoe, python3-apt, diff --git a/plinth/modules/users/__init__.py b/plinth/modules/users/__init__.py index 021dffa5e..69ab1e998 100644 --- a/plinth/modules/users/__init__.py +++ b/plinth/modules/users/__init__.py @@ -47,7 +47,7 @@ class UsersApp(app_module.App): app_id = 'users' - _version = 5 + _version = 6 can_be_disabled = False @@ -68,7 +68,7 @@ class UsersApp(app_module.App): packages = Packages('packages-users', [ 'ldapscripts', 'ldap-utils', 'libnss-ldapd', 'libpam-ldapd', - 'nscd', 'nslcd', 'samba-common-bin', 'slapd', 'tdb-tools' + 'nslcd', 'samba-common-bin', 'slapd', 'tdb-tools' ]) self.add(packages) diff --git a/plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf b/plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf deleted file mode 100644 index f94d2c2f4..000000000 --- a/plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -# Invalidate LDAP related caches. -ExecStartPost=-nscd --invalidate=passwd -ExecStartPost=-nscd --invalidate=group diff --git a/plinth/modules/users/privileged.py b/plinth/modules/users/privileged.py index fde86ab5f..c0966fe3e 100644 --- a/plinth/modules/users/privileged.py +++ b/plinth/modules/users/privileged.py @@ -81,7 +81,15 @@ def _configure_ldap_authentication(): }) action_utils.dpkg_reconfigure('libnss-ldapd', {'nsswitch': 'group, passwd, shadow'}) - action_utils.service_restart('nscd') + + # NSS caching is not necessary in FreedomBox as lookup are done on a local + # LDAP daemon. Caching can lead to unexpected behavior after user account + # changes and after queries while nslcd is not running. See: + # https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2520 + action_utils.service_mask('nscd') + action_utils.service_stop('nscd') + action_utils.service_mask('unscd') + action_utils.service_stop('unscd') # XXX: Workaround for login issue action_utils.service_enable('slapd') @@ -479,9 +487,7 @@ def set_user_status(username: str, status: str, auth_user: str, def _flush_cache(): - """Flush nscd and apache2 cache.""" - _run(['nscd', '--invalidate=passwd']) - _run(['nscd', '--invalidate=group']) + """Flush apache2 cache.""" action_utils.service_reload('apache2')