Nethserver-directory (openldap) update stall

The system was upgraded from RC2 to RC3, excluding nethserver-directory.
When updating nethserver-directory:

—> Package nethserver-directory.noarch 0:3.1.0-1.ns7 will be updated
—> Package nethserver-directory.noarch 0:3.1.1-1.ns7 will be an update

The installation does not finish (canceled by user after waiting 30 min.)
The waiting starts when nethserver-directory-sssd is executed:

I may be wrong but it seems it enters the if statement when it shouldn’t.
The problem happens when it reaches the instruction to execute nethserver-sssd-save, then it seems to enter into a loop.

If I read correctly, on this specific server nethserver-sssd-save calls (from S80nethserver-sssd-notifyclients):


And nethserver-directory-update calls nethserver-directory-sssd which may call nethserver-sssd-save if it enters the if statement.

nethserver-sssd version: nethserver-sssd-1.1.0-1.ns7.noarch


I would have preferred read your message 30 min ago :wink:

edit: also on my update it seems a loop on nethserver-sssd-save


@dnutan is probably right!

I propose to change the check on lines 3-4. We could test the LdapURI prop: if not empty, exit.

it is not empty in the following cases

  1. the action has already been run
  2. the admin set a remote account provider from Accounts provider page

Empty when

  1. clean ISO install
  2. the admin switched to none in Accounts provider page

We should open a bug on GH /cc @dev_team

1 Like

I tried to replicate the problem but I had no luck :confounded:
These are my steps:

  • Install RC2 from ISO
  • Enable RC2-only repos:

sed -i -e ‘s/^#baseurl/baseurl/’ -e ‘s/^mirrorlist/#mirrorlist/’ -e ‘s/mirror./packages./’ -e ‘s/$releasever/7.2.1511/g’ /etc/yum.repos.d/NethServer.repo

  • Install nethserver-directory: yum install nethserver-directory
  • Enable RC3 repos:

sed -i -e ‘s/^#baseurl/baseurl/’ -e ‘s/^mirrorlist/#mirrorlist/’ -e ‘s/mirror./packages./’ -e ‘s/7.2.1511/7.3.1611/g’ /etc/yum.repos.d/NethServer.repo

  • Update nethserver-directory and sssd: yum update nethserver* sssd*

The real change from RC2 and RC3 is the result of this call:

perl -mNethServer::SSSD -e "print NethServer::SSSD->new()->baseDN()"

On my machine named, the command returns:

  • RC2: dc=nethesis,dc=it
  • RC3: dc=directory,dc=nh

It should be a safe fix, but for now I think is not needed.


I suspected it was the culprit :laughing:

It is compatible with our analysis: the recursive call is triggered when the current suffix is not what we expect…

Right, It wouldn’t be necessary when there will not be rc2 around any more… Anyway I’d like to simplify that code and make it more predictable.

Followed your steps but couldn’t replicate the bug …until authconfig was added to the latter update command.

I’ve opened a PR:


tested on my stalled-firewall, with dpi installed but disabled (i don’t remember why :confused: )
re-executed signal-event nethserver-sssd-save, seems all ok (reboot ok, openvpn back to work)


Thank you for the patch review :blush:

Now we’ve a new package in testing. I’d release it ASAP!

1 Like

Tested and working fine.
Bravo :clap:


Also @pasing checked it out… I’d go with an official release.


Just uploaded to nethserver-updates:


Thanks to @giacomo:

1 Like