On 12.01.23 17:19, Ronald Wimmer via FreeIPA-users wrote:
On 12.01.23 16:28, Rob Crittenden wrote:
> Ronald Wimmer via FreeIPA-users wrote:
>> I do have a sytemd service unit that uses an IPA used. However, upon
>> reboot it seems that that particular IPA user is not available upon
>> start of that particular systemd service.
>>
>> Using "After=sssd.service" is not sufficient.
>>
>> What would you recommend in this case?
>> (I am looking for a reliable systemd solution and do not want to rely on
>> a script checking for a particular user with getent for example)
>
> You may want to cross-post to the sssd-users list.
>
> I'd try nss-user-lookup.target instead. According to systemd.special(7):
>
> nss-user-lookup.target
>
> A target that should be used as synchronization point for all regular
> UNIX user/group name service lookups. Note that this is independent of
> host/network name lookups for which nss-lookup.target should be used.
> All services for which the availability of the full user/group database
> is essential should be ordered after this target, but not pull it in.
> All services which provide parts of the user/group database should be
> ordered before this target, and pull it in. Note that this unit is only
> relevant for regular users and groups — system users and groups are
> required to be resolvable during earliest boot already, and hence do not
> need any special ordering against this target.
Thanks for your input Rob! Unfortunately, nss-lookup.target also seems
not to be sufficient. I've asked in the SSSD mailing list:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
This is another topic I need to bump as there was no response in the
SSSD users mailing list. Maybe Pavel can give some input here?
Cheers,
Ron