[Pkg-utopia-maintainers] Bug#859451: dbus: error messages on boot for systems with NSS LDAP

Laurent Bonnaud L.Bonnaud at laposte.net
Tue Apr 4 11:53:45 UTC 2017 

On 04/04/2017 13:29, Simon McVittie wrote:

> Sorry, I meant /etc/dbus-1/system.d/*.conf 

No problem!  This system has only standard unmodified stuff:

# ls -l /etc/dbus-1/system.d/
total 48
-rw-r--r-- 1 root root   947 May 26  2015 org.freedesktop.hostname1.conf
-rw-r--r-- 1 root root   937 May 26  2015 org.freedesktop.locale1.conf
-rw-r--r-- 1 root root 12499 Jul 28  2016 org.freedesktop.login1.conf
-rw-r--r-- 1 root root  1604 Jul 28  2016 org.freedesktop.network1.conf
-rw-r--r-- 1 root root   953 Jul 28  2016 org.freedesktop.resolve1.conf
-rw-r--r-- 1 root root 11898 Mar  2 09:21 org.freedesktop.systemd1.conf
-rw-r--r-- 1 root root   947 May 26  2015 org.freedesktop.timedate1.conf

> For completeness, several other paths could potentially
> mention users and groups, including /etc/dbus-1/system-local.conf
> and /usr/share/dbus-1/system.d/*.conf.

Those do not exist on this system.

> The bus configuration often also references group names and identities -
> are those all local? (I suspect not.)

In fact dbus is only installed as a dependency for libpam-systemd and I did not touch anything.

> Alternatively, your NSS configuration might be such that the NSS-backed
> library calls that dbus-daemon uses during configuration loading (mainly
> getpwuid_r() and getgrnam_r() I think) hit the network even if the
> group is configured locally.

In /etc/nsswitch.conf LDAP is configured as follows:

passwd:         files ldap
group:          files ldap

and I use the following packages:

ii  libnss-ldapd:amd64                 0.9.7-2                        amd64        NSS module for using LDAP as a naming service
ii  libpam-ldapd:amd64                 0.9.7-2                        amd64        PAM module for using LDAP as an authentication service

> I'd rather not: this is very much an "at own risk, if you are absolutely
> sure you know what you are doing" option that can easily cause circular
> dependencies. (Much like getting your user and group information from
> the network, in fact...)

The suggestion in README.Debian could be preceded with a big warning such as: 

  "Warning, the following only applies to systems that use /etc/network/interfaces for network configuration and not daemons that use dbus such as NetworkManager, ConnMan, wicd, ..."

-- 
Laurent.

More information about the Pkg-utopia-maintainers mailing list