Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nixos/ldap: remove redundant configuration options #78960

Merged
merged 2 commits into from Feb 3, 2020
Merged

Conversation

@aanderse
Copy link
Contributor

@aanderse aanderse commented Jan 31, 2020

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
@aanderse
Copy link
Contributor Author

@aanderse aanderse commented Jan 31, 2020

@GrahamcOfBorg test ldap

@aanderse
Copy link
Contributor Author

@aanderse aanderse commented Jan 31, 2020

I guess the ldap test wasn't a good choice because apparently it is broken in master right now 😞
I tested this change and it eliminates error messages on nslcd.service restart.

@aanderse aanderse marked this pull request as ready for review Jan 31, 2020
@flokli
Copy link
Contributor

@flokli flokli commented Feb 1, 2020

Uff, it used to work…

Did you verify things still work with a local setup? I'd rather see this being tested somehow, if we can't get the tests to work right now…

@aanderse
Copy link
Contributor Author

@aanderse aanderse commented Feb 1, 2020

I deployed this change to a nixops machine and was able to access the machine via ssh with a password. I ran journalctl -f -u nslcd.service both while I deployed and while I logged in - there were no errors.

I'll run some more tests, including running a command via sudo as well as a local login and then report back 👍

@flokli
Copy link
Contributor

@flokli flokli commented Feb 2, 2020

@aanderse
Copy link
Contributor Author

@aanderse aanderse commented Feb 3, 2020

With this change I have confirmed that for an account authenticated via ldap:

  • remote ssh logins work with a password
  • remote ssh logins work with a key
  • local logins work with a password
  • sudo rules work
  • getent passwd username yields the expected results
  • getent.ldap passwd username yields the expected results
  • there are no more errors in journalctl

After reading through source code to better understand where these errors might be coming from, combined with the mentioned testing I believe this PR is ready for a merge.

@flokli
Copy link
Contributor

@flokli flokli commented Feb 3, 2020

Alright. Thanks :-)

@flokli flokli merged commit d4a951f into NixOS:master Feb 3, 2020
14 checks passed
14 checks passed
tests.ldap on aarch64-linux Failure
Details
tests.ldap on x86_64-linux Failure
Details
Evaluation Performance Report Evaluator Performance Report
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A darwin-tested
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release-combined.nix -A tested
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A manual
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./nixos/release.nix -A options
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A manual
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A tarball
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="ofborg"; } ./pkgs/top-level/release.nix -A unstable
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
@aanderse aanderse deleted the aanderse:nslcd branch Feb 3, 2020
dtzWill added a commit to dtzWill/nixpkgs that referenced this pull request Feb 4, 2020
nixos/ldap: remove redundant configuration options

(cherry picked from commit d4a951f)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.