Univention Bugzilla – Bug 31864
Add an UCR switch to enable univention-ucc-update-nss on every login
Last modified: 2014-06-12 09:20:03 CEST
By default "univention-ucc-update-nss" is only run at user login if the user is not known in "getent passwd". Whis this exception the passwd/group cache is only updates at system boot. We should add a UCR switch to allow "univention-ucc-update-nss" to run on every login. In small environments (== small passwd/group cache files) this should be no problem.
This avoid confusing effects where group memberships are not visible for users which haven't rebooted their client.
univention-ucc-update-nss is executed in in pam stack (auth optional).
(In reply to Felix Botner from comment #2) > univention-ucc-update-nss is executed in in pam stack (auth optional). True, but: (In reply to Janis Meybohm from comment #0) > ... is only run at user login if the user is not known in "getent passwd".
(In reply to Janis Meybohm from comment #3) > (In reply to Felix Botner from comment #2) > > univention-ucc-update-nss is executed in in pam stack (auth optional). > > True, but: > (In reply to Janis Meybohm from comment #0) > > ... is only run at user login if the user is not known in "getent passwd". sorry, i missed that Added ucc/nss/update/force to univention-ucc-update-nss. If set to true the "user already known" test is disabled.
root@test2:~# ucr get ucc/nss/update/force true I've created a new user and added it to "Domain Users". On the master the user is part of the group: root@master:~# getent group "Domain Users" Domain Users:*:5001:Administrator,jmm2,jmm3,jmm4,jmm,user07,user06,user05,user04,user03,user02,user01 But after a login on the client the user isn't visible: root@test2:~# getent group "Domain Users" Domain Users:*:5001:Administrator,jmm2,jmm3,jmm4,jmm,user06,user05,user04,user03,user02,user01
fixed ucc/nss/update/force test in univention-ucc-update-nss
Ok, working fine now
UCC 2.0 has been released: http://docs.univention.de/release-notes-ucc-2.0.html If this error occurs again, please use "Clone This Bug".