Hi, I maintain nss-ldapd, a replacement for nss_ldap which uses a local daemon (nslcd) to proxy name lookup requests (passwd/group/hosts/etc) to an LDAP server. I have received a bug report (#475626) that I would welcome some input on. The problem is that a lot of daemons are started at sequence 20 (/etc/rc2.d/S20...) an may want to do name lookups (e.g. exim is mentioned in the bugreport). This means that nslcd should probably be started before sequence 20. However, slapd is started at sequence 19 and it would be best to start nslcd after slapd. Currently nslcd is started at sequence 20. The problem with starting nslcd before slapd is that slapd does name lookups during startup which slow down slapd startup by about 5 seconds (because slapd is not ready to handle lookups yet) and leaves nslcd in a state where it believes the LDAP server is unreachable and will only retry after some timeout has expired. This could in turn cause failed lookups for processes that do name lookups just after slapd has been started. So, what would the best solution for this problem? - request slapd to be started at sequence 18 and start nslcd at sequence 19 when this has changed (haven't extensively checked if that would cause problems for slapd) - add some magic to nslcd to do more retries during startup and handle this case especially - something else?? This also brings up the problem with what to do with existing installations. If I understand correctly changing the parameter to update-rc.d will not change any existing symlinks so any changes that are made now will only affect existing installations. Feedback is very much appreciated (also other feedback related to nss-ldapd). Thanks. -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Attachment:
signature.asc
Description: This is a digitally signed message part