From 7e7ad62c8ba856c1fb1e78822a80affeb69037d3 Mon Sep 17 00:00:00 2001
From: Veiko Aasa
Date: Tue, 17 Sep 2024 16:18:21 +0300
Subject: [PATCH] users: Invalidate nscd cache after nslcd service startup

Fixes an issue where LDAP group membership info is not available for a long time after system restart. This can happen when the nscd cache has expired and name service queries are made while nslcd is not yet started. As a result, the nscd group cache contains only local system groups and not LDAP groups. The issue is more likely to arise on slow systems where slapd/nslcd startup can take minutes. Could also depend on how long the device has been shut down before.

Tests performed:

- Stop nscd service, start nslcd service, check from the logs that nscd reload errors are ignored and nslcd service starts successfully.
- Test when nscd group cache is invalidated while nslcd is not running. Run commands:

```
systemctl reload nscd
id tester
systemctl stop nslcd
nscd -i group
id tester
systemctl start nslcd
id tester
```

Result before patch applied:

```
uid=10001(tester) gid=100(users) groups=10002(admin),100(users)
uid=10001(tester) gid=100(users) groups=100(users)
uid=10001(tester) gid=100(users) groups=100(users)
```

Result after patch applied, tester is in the admins group at the end:

```
uid=10001(tester) gid=100(users) groups=10002(admin),100(users)
uid=10001(tester) gid=100(users) groups=100(users)
uid=10001(tester) gid=100(users) groups=10002(admin),100(users)
```

Signed-off-by: Veiko Aasa
Reviewed-by: Sunil Mohan Adapa
---
 .../usr/lib/systemd/system/nslcd.service.d/freedombox.conf | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf

diff --git a/plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf b/plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf
new file mode 100644
index 000000000..f94d2c2f4
--- /dev/null
+++ b/plinth/modules/users/data/usr/lib/systemd/system/nslcd.service.d/freedombox.conf @@ -0,0 +1,4 @@ +[Service] +# Invalidate LDAP related caches. +ExecStartPost=-nscd --invalidate=passwd +ExecStartPost=-nscd --invalidate=group
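Review bot: the `-` prefix on both `ExecStartPost=` lines is what makes this safe when nscd is stopped or not installed (the commit message relies on those failures being ignored), but the only comment in the drop-in is `# Invalidate LDAP related caches.`; suggest extending it to say that a failing `nscd --invalidate` is deliberately non-fatal, so a future reader does not "fix" it by dropping the `-`. A second point worth confirming rather than assuming: `ExecStartPost=` runs as soon as systemd considers nslcd started, so if nslcd's `Type=` lets the unit reach that state before the daemon is actually answering socket queries, a lookup landing between the invalidation and readiness could repopulate the nscd `group` cache with local-only results and reintroduce the race this patch closes; checking the upstream unit's `Type=` against when nslcd opens its socket would settle whether an extra readiness step is needed here.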