From: Norman Gray
To: FreeBSD Questions
Subject: ypldap and ypserv -- frenemies?
Date: Tue, 20 Aug 2024 18:39:06 +0100

Greetings.

I'm trying to use ypldap, to ease one stage in a move away from NIS. I have a test/transitional configuration which works when I invoke ypldap with the -d flag (which avoids daemonisation), but which _doesn't_ work when I invoke it the expected way, daemonised.

'Doesn't work' here, means that a client querying the daemonised ypldap server gets a 'do_ypcall: clnt_call: RPC: Unable to receive; errno = Connection refused' response. It gets a normal working response when it queries the undaemonised one.

I'm perplexed at why this should be so. It's _presumably_ something to do with the permissions of the _ypldap user, but I haven't done anything clever there.

I've confirmed that the _ypldap user can do the relevant LDAP lookup.

An odd thing is that the /etc/rc.d/ypldap script includes

    ypldap_precmd()
    {
        force_depend ypserv nis_server || return 1
    }

That seems to include a dependency on ypserv, but as the ypldap(8) manpage very intelligibly notes, 'ypldap has the same role as ypserv(8) and the two daemons are exclusive.' And when I try to start ypldap that way, I get a warning

    /etc/rc.d/ypserv: WARNING: NIS domainname(1) is not set.

but ypserv does start. If I do the basic configuration to let ypserv start without error, I still don't get a working response from ypldap (and I don't really expect to in that case).

The only online commentary I can find is at [1], from 2016, which seems to be reporting similar behaviour.

I feel I'm substantially misunderstanding something. Any ideas?

Best wishes,

Norman

[1] https://groups.google.com/g/muc.lists.freebsd.stable/c/nO0NMaSbD7o

-- 
Norman Gray : https://nxg.me.uk