Date:      Fri, 27 Sep 2013 12:07:51 GMT
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/182441: [PATCH] net/nss-pam-ldapd: supervise nslcd with daemon
Message-ID:  <201309271207.r8RC7p9W060199@oldred.freebsd.org>
Resent-Message-ID: <201309271210.r8RCA042059879@freefall.freebsd.org>

>Number:         182441
>Category:       ports
>Synopsis:       [PATCH] net/nss-pam-ldapd: supervise nslcd with daemon
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 27 12:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Mark Felder
>Release:        
>Organization:
>Environment:
>Description:
This patch adds supervision of the nslcd via daemon(8). It will auto-restart it if it crashes, and also continue trying to start the process in the background during boot under conditions where it would have normally failed to start because of networking not being completely up yet.

Without this functionality this port is vastly inferior to the old-style net/nss_ldap and security/pam_ldap, which do not use a daemon process and instead map shared libraries into every process, which is a performance and security concern. nslcd also lowers the number of LDAP connections to your LDAP servers as it keeps persistent connections open.

This patch adds the needed reliability to keep yourself from being locked out of your server or having other LDAP-aware services fail because the nslcd daemon crashed.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: nslcd.in
===================================================================
--- nslcd.in	(revision 328001)
+++ nslcd.in	(working copy)
@@ -5,14 +5,12 @@
 # PROVIDE: nslcd
 # REQUIRE: ldconfig resolv
 # BEFORE: syslogd
+# KEYWORD: shutdown
 #
 # Add the following line to /etc/rc.conf to enable the nslcd daemon:
 #
 # nslcd_enable="YES"
 #
-# Optional:
-# nslcd_debug="NO" - start nslcd in debugging mode (does not daemonize).
-#
 
 . /etc/rc.subr
 
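Review bot: The header comment loses the `nslcd_debug` entry without documenting what replaces it. An existing `nslcd_debug="YES"` in /etc/rc.conf is now silently ignored, and nothing in the comment block tells the administrator that nslcd is run under daemon(8) with `-d` unconditionally. Suggest a short comment here stating that the service is supervised by daemon(8), that `nslcd_debug` is no longer honoured, and why `KEYWORD: shutdown` was added (presumably so the supervisor is stopped cleanly at shutdown rather than left to restart the child).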
@@ -21,27 +19,33 @@
 
 load_rc_config ${name}
 
-: ${nslcd_enable="NO"}
-: ${nslcd_debug="NO"}
+: ${nslcd_enable:=NO}
 
-command="%%PREFIX%%/sbin/${name}"
-pidfile="/var/run/${name}.pid"
-start_precmd="nslcd_prestart"
-start_postcmd="nslcd_poststart"
+command="/usr/sbin/daemon"
+command_args="-f -r %%PREFIX%%/sbin/nslcd -d"
+status_cmd=nslcd_status
+stop_cmd=nslcd_stop
 
-nslcd_prestart () {
-	if checkyesno nslcd_debug
-	then
-		command_args="-d"
+nslcd_status()
+{
+	mypid=$(pgrep -f "daemon: %%PREFIX%%/sbin/nslcd")
+	if [ ! ${mypid} = '' ]; then
+		echo "${name} is running with PID ${mypid}";
+	else
+		echo "${name} not running?";
 	fi
 }
 
-nslcd_poststart () {
-       until $(%%PREFIX%%/sbin/${name} -c); do
-               echo " Waiting for nslcd to start"
-               sleep 1
-       done
+nslcd_stop()
+{
+	mypid=$(pgrep -f "daemon: %%PREFIX%%/sbin/nslcd")
+	if [ ! ${mypid} = '' ]; then
+		echo "Stopping ${name}";
+		kill -TERM ${mypid};
+		wait_for_pids ${mypid};
+	else
+		echo "${name} not running?";
+	fi
 }
 
-
 run_rc_command "$1"
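Review bot: Both `nslcd_status` and `nslcd_stop` test `[ ! ${mypid} = '' ]` with `${mypid}` unquoted, and they find the process with `pgrep -f` on a title string instead of a pidfile. If `pgrep -f "daemon: %%PREFIX%%/sbin/nslcd"` matches more than one process, the expansion splits into several words, the test no longer parses as intended, and `kill -TERM ${mypid}` would signal every match; use `[ -n "${mypid}" ]` and decide explicitly what to do with multiple PIDs. The removed `pidfile="/var/run/${name}.pid"` gave rc.subr an exact handle on the process; having the supervisor write a pidfile and keeping `pidfile=` set would let the stock status and stop handling work, instead of depending on the exact process title. `nslcd_status` also ends in `echo` on both branches, so it returns success even when it prints "not running?"; return non-zero in that branch so monitoring and scripts that call the status command can rely on the exit code. Finally, dropping `nslcd_poststart` removes the loop that waited on `%%PREFIX%%/sbin/${name} -c`, so the start command now returns before nslcd is known to be answering; services ordered after it that need LDAP lookups at start can race with it, which should at least be mentioned in the script header.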


>Release-Note:
>Audit-Trail:
>Unformatted: