mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-03-11 09:04:54 +00:00
7e7ad62c8b
Fixes an issue where LDAP group membership info is not available long time after system restart. This can happen when nscd cache is expired and name service queries are made while nslcd is not yet started. As a result, nscd group cache contains only local system groups and not LDAP groups. The issue arises more likely in slow systems where slapd/nslcd startup can take minutes. Could also depend on how long the device has been shut down before. Tests performed: - stop nscd service, start nslcd service, check form the logs that nscd reload errors are ignored and nslcd service starts successfully. - Test when nscd group cache is invalidated while nslcd is not running. Run commands: ``` systemctl reload nscd id tester systemctl stop nslcd nscd -i group id tester systemctl start nslcd id tester ``` Result before patch applied. ``` uid=10001(tester) gid=100(users) groups=10002(admin),100(users) uid=10001(tester) gid=100(users) groups=100(users) uid=10001(tester) gid=100(users) groups=100(users) ``` Result after patch applied, tester is in the admins group at the end. ``` uid=10001(tester) gid=100(users) groups=10002(admin),100(users) uid=10001(tester) gid=100(users) groups=100(users) uid=10001(tester) gid=100(users) groups=10002(admin),100(users) ``` Signed-off-by: Veiko Aasa <veiko17@disroot.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>