Yesterday, excited, I’ve packed up libnss-ldap with the tool and a “quick & dirty” postinst script. I’ve packaged it not as a final version, even I’m not brave enough to check it with Linitan 🙂 , But It doesn’t really matter, now I’m not worrying about the correction of the package. This is just a quick solution to test how the tool update-nsswitch works in a real environment.

well… dpkg -i libpam-libnss-260.deb

YEAH, It doesn’t work!!!

Why? some Troubles have been found on our

  • – Cannot recognize and manage, when you try to use a DB that it doesn’t exist in the local nsswitch.conf
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

Here is a really common nsswitch.conf. If you use the tool calling it for updating the database (e.g sendmailvars) with the source (ldap) in the last position. The database doesn’t exist as seen above. Finish with non result without errors.

  • When using an “after” or “before” source to determine the position of our new source, the pattern “match too much”. What’s that? If we have two sources with the pattern as part of its name, we have a trouble.

This is just an example, files3 and filesauth, are not a valid or real sources

hosts: files dns files3 filesauth

If we try to update the hosts database positioning ldap before files

update-nsswitch –database=hosts –before=files –add ldap

The result is.

hosts: ldap files dns ldap files3 ldap filesauth
  • If we use an “after” or “before” source that it doesn’t exist at the line, it doesn’t do anything.

This condition will include that source in a default action that will be to be the last source on the line.

After this propably the tool will be 99.9% working. Except if any of my fixes make something buggy, this afternoon will be finished and tested, into the package we were talking about before.

Probably some issues have to be fixed with the other tool update-pam.d but now the work is to have a polite nsswitch updater and good postinst scripts.