Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/ldap: remove redundant configuration options #78960

Merged
merged 2 commits into from Feb 3, 2020
Merged

nixos/ldap: remove redundant configuration options #78960

merged 2 commits into from Feb 3, 2020

Conversation

aanderse
Copy link
Member

@aanderse aanderse commented Jan 31, 2020
edited

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@aanderse
Copy link
Member Author

@GrahamcOfBorg test ldap

@aanderse
Copy link
Member Author

I guess the ldap test wasn't a good choice because apparently it is broken in master right now 😞
I tested this change and it eliminates error messages on nslcd.service restart.

@aanderse aanderse marked this pull request as ready for review January 31, 2020 16:03
@flokli
Copy link
Contributor

flokli commented Feb 1, 2020

Uff, it used to work…

Did you verify things still work with a local setup? I'd rather see this being tested somehow, if we can't get the tests to work right now…

@aanderse
Copy link
Member Author

aanderse commented Feb 1, 2020

I deployed this change to a nixops machine and was able to access the machine via ssh with a password. I ran journalctl -f -u nslcd.service both while I deployed and while I logged in - there were no errors.

I'll run some more tests, including running a command via sudo as well as a local login and then report back 👍

@flokli
Copy link
Contributor

flokli commented Feb 2, 2020 via email

@aanderse
Copy link
Member Author

aanderse commented Feb 3, 2020

With this change I have confirmed that for an account authenticated via ldap:

  • remote ssh logins work with a password
  • remote ssh logins work with a key
  • local logins work with a password
  • sudo rules work
  • getent passwd username yields the expected results
  • getent.ldap passwd username yields the expected results
  • there are no more errors in journalctl

After reading through source code to better understand where these errors might be coming from, combined with the mentioned testing I believe this PR is ready for a merge.

@flokli
Copy link
Contributor

flokli commented Feb 3, 2020

Alright. Thanks :-)

@flokli flokli merged commit d4a951f into NixOS:master Feb 3, 2020
@aanderse aanderse deleted the nslcd branch February 3, 2020 18:43
dtzWill pushed a commit to dtzWill/nixpkgs that referenced this pull request Feb 4, 2020
@flokli @dtzWill
Merge pull request NixOS#78960 from aanderse/nslcd
a5d60d1 
nixos/ldap: remove redundant configuration options

(cherry picked from commit d4a951f)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grahamc grahamc Awaiting requested review from grahamc

@flokli flokli Awaiting requested review from flokli

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aanderse @flokli