nslcd should have tomcat7 and tomcat8 in X-Start-Before
Bug #1605167 reported by
John Cooper
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
To make sure that ldap users are available to run services as on boot up the nslcd daemon has a X-Start-Before header in it's init file, /etc/init.d/nslcd.
This currently has various services included apache and email servers but does not have tomcat services.
Could tomcat7 and tomcat8 both be added to the header so that they also wait for nslcd?
The error in the logs currently is:
start-
To post a comment you must log in.
I would strongly recommend against putting system users (e.g. tomcat user) in LDAP. Especially it is difficult to this right during boot and shutdown. The default configuration of nss-pam-ldapd also filters uids < 1000 out of queries to avoid this.
The reason that some services are listed in nslcd's init script in X-Start-Before is that those services (can) use normal user accounts. For example if a mail server would be started before nslcd is available mail could be rejected.