Bug 31864 - Add an UCR switch to enable univention-ucc-update-nss on every login
Add an UCR switch to enable univention-ucc-update-nss on every login
Status: CLOSED FIXED
Product: Univention Corporate Client (UCC)
Classification: Unclassified
Component: User logins
unspecified
Other Linux
: P5 enhancement
: UCC 2.0
Assigned To: Felix Botner
Moritz Muehlenhoff
: interim-3
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-01 16:04 CEST by Janis Meybohm
Modified: 2014-06-12 09:20 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2013-07-01 16:04:50 CEST
By default "univention-ucc-update-nss" is only run at user login if the user is not known in "getent passwd". Whis this exception the passwd/group cache is only updates at system boot.

We should add a UCR switch to allow "univention-ucc-update-nss" to run on every login. In small environments (== small passwd/group cache files) this should be no problem.
Comment 1 Moritz Muehlenhoff univentionstaff 2013-12-17 12:07:00 CET
This avoid confusing effects where group memberships are not visible for users which haven't rebooted their client.
Comment 2 Felix Botner univentionstaff 2014-05-12 13:30:49 CEST
univention-ucc-update-nss is executed in in pam stack (auth optional).
Comment 3 Janis Meybohm univentionstaff 2014-05-13 14:20:07 CEST
(In reply to Felix Botner from comment #2)
> univention-ucc-update-nss is executed in in pam stack (auth optional).

True, but:
(In reply to Janis Meybohm from comment #0)
> ... is only run at user login if the user is not known in "getent passwd".
Comment 4 Felix Botner univentionstaff 2014-05-13 15:04:38 CEST
(In reply to Janis Meybohm from comment #3)
> (In reply to Felix Botner from comment #2)
> > univention-ucc-update-nss is executed in in pam stack (auth optional).
> 
> True, but:
> (In reply to Janis Meybohm from comment #0)
> > ... is only run at user login if the user is not known in "getent passwd".

sorry, i missed that

Added ucc/nss/update/force to univention-ucc-update-nss. If set to true the "user already known" test is disabled.
Comment 5 Moritz Muehlenhoff univentionstaff 2014-05-19 08:41:36 CEST
root@test2:~# ucr get ucc/nss/update/force
true

I've created a new user and added it to "Domain Users". On the master the user is part of the group:

root@master:~# getent group "Domain Users"
Domain Users:*:5001:Administrator,jmm2,jmm3,jmm4,jmm,user07,user06,user05,user04,user03,user02,user01

But after a login on the client the user isn't visible:

root@test2:~# getent group "Domain Users"
Domain Users:*:5001:Administrator,jmm2,jmm3,jmm4,jmm,user06,user05,user04,user03,user02,user01
Comment 6 Felix Botner univentionstaff 2014-05-20 11:47:20 CEST
fixed ucc/nss/update/force test in univention-ucc-update-nss
Comment 7 Moritz Muehlenhoff univentionstaff 2014-05-20 15:11:02 CEST
Ok, working fine now
Comment 8 Moritz Muehlenhoff univentionstaff 2014-06-12 09:20:03 CEST
UCC 2.0 has been released:
 http://docs.univention.de/release-notes-ucc-2.0.html

If this error occurs again, please use "Clone This Bug".