I have upgraded a 16.04 system which worked/booted perfectly with libnss-ldap being used by nsswitch for passwd, shadow and groups to 17.10. The system took a long time to boot, could not bring up networking properly (running dhclient in 90 second intervals, possibly a timeout) and could not start systemd-logind.
After using nss_initgroups_ignoreusers as stated by Graham Eames in #14 and adding a new line as suggested by Thomas Werschlein in #24, the system started bhaving normally again.
You can use the following command, which I stole from stackexchange, to populate the nss_initgroups_ignoreusers paramter automatically:
#NSS_IGNOREUSERS="$(cut -d: -f1 /etc/passwd | sort | tr '\n' ',' | sed 's|,$||')"
#sed -i "s|^nss_initgroups_ignoreusers.*|nss_initgroups_ignoreusers ${NSS_IGNOREUSERS}|" /etc/ldap.conf
However you will have to add a new line afterwards!
In short: This issue affects 17.10, too.
Suggestion: libnss-ldap should have a paramter which makes it check the passwd/group files and using names which are in there in the nss_initgroups_ignoreusers paramter automatically. This should also be the default configuration, since systemd is the default also.
I have upgraded a 16.04 system which worked/booted perfectly with libnss-ldap being used by nsswitch for passwd, shadow and groups to 17.10. The system took a long time to boot, could not bring up networking properly (running dhclient in 90 second intervals, possibly a timeout) and could not start systemd-logind.
After using nss_initgroups_ ignoreusers as stated by Graham Eames in #14 and adding a new line as suggested by Thomas Werschlein in #24, the system started bhaving normally again.
You can use the following command, which I stole from stackexchange, to populate the nss_initgroups_ ignoreusers paramter automatically: S="$(cut -d: -f1 /etc/passwd | sort | tr '\n' ',' | sed 's|,$||')" initgroups_ ignoreusers. *|nss_initgroup s_ignoreusers ${NSS_IGNOREUSE RS}|" /etc/ldap.conf
#NSS_IGNOREUSER
#sed -i "s|^nss_
However you will have to add a new line afterwards!
In short: This issue affects 17.10, too.
Suggestion: libnss-ldap should have a paramter which makes it check the passwd/group files and using names which are in there in the nss_initgroups_ ignoreusers paramter automatically. This should also be the default configuration, since systemd is the default also.