Re: [webmin-l] LDAP Users and Groups - Problem adding new users

[Jamie C. <jca...@we...>]

On 24/Nov/2005 16:46 Murray Trainer wrote ..
> On Thu, 2005-11-24 at 13:36, Jamie Cameron wrote:
> > On 24/Nov/2005 16:31 Murray Trainer wrote ..
> > > On Wed, 2005-11-23 at 20:04, Murray Trainer wrote:
> > > > On Wed, 2005-11-23 at 19:06, Jamie Cameron wrote:
> > > > > On 23/Nov/2005 20:18 Murray Trainer wrote ..
> > > > > > Hi Jamie,
> > > > > > 
> > > > > > The module itself works fine when I add a new LDAP user but the
> script
> > > > > > it runs to configure the new user's Linux account after the user
> > > is
> > > > > > created, broke a few days ago.  I am not aware of anything being
> > > changed
> > > > > > so I'm not sure what caused this problem.  The shell script does
> > > an "su
> > > > > > - $USERADMIN_USER" to become the new user to run gconftool2 and
> other
> > > > > > things.  For some reason I started getting an error that the
> new
> > > user
> > > > > > I'm su'ing doesn't exist.  It appears to be something to do with
> > > the
> > > > > > name service cache daemon nscd.  I have hacked my script to restart
> > > nscd
> > > > > > from my script before I su to the new user - that fixes the problem
> > > for
> > > > > > now.  As a proper fix, shouldn't the webmin LDAP Users module
> do
> > > a flush
> > > > > > of the NSCD cache whenever it adds or removes users to make sure
> > > > > > everything is immediately in sync?
> > > > > 
> > > > > Actually, this should already happen.. If there is an nscd process
> > > running,
> > > > > it gets signalled to reload the cache with a HUP signal after a
> user
> > > is created.
> > > > > What command are you using to restart nscd?
> > > > 
> > > > I am still using Webmin 1.180 if that is a problem.  I will upgrade
> it
> > > > to the latest version is official.  I am using SuSE 9.1 and I am
> doing
> > > > an "/etc/rc.d/nscd" restart to work around the problem.  According
> to
> > > > that script SIGHUP doesn't work with nscd (not sure if that is only
> on
> > > > SuSE 9.1 or elsewhere):
> > > > 
> > > >     reload)
> > > >         # nscd does not support SIGHUP, so fail.
> > > >         echo -n "Reload Name Service Cache Daemon"
> > > >         rc_failed 3
> > > >         rc_status -v
> > > >         ;;
> > > > 
> > > > According to the above the LDAP Users module has probably never reloaded
> > > > the cache on SuSE 9.1.  
> > > > 
> > > > Murray
> > > Hi jamie,
> > > 
> > > Maybe a fix for this is to do an LDAP search for the newly
> > > created/deleted user immediately after they are created/deleted - would
> > > that update the cache that nscd uses as to whether the user actually
> > > exists or not?
> > 
> > Actually, the correct behaviour is for Webmin to run /etc/rc.d/nscd restart
> instead
> > of just sending a HUP signal. I will do this in the next release ..
> > 
> > Just querying the LDAP DB won't help, as the caching is not done by the
> LDAP server,
> > but rather by the separate nscd process.
> > 
> >  - Jamie
> 
> It seems a bit drastic to restart the daemon but I suppose there is no
> other way.

I with there was some way to signal nscd to flush it's cache, but I don't
know of any :(

> Will this fix be in the next official release or the
> development one?

Both :-)

 - Jamie