Convert SysV init script to systemd unit files.
This change removes the SysV init script and creates the systemd unit files for nslcd and pynslcd daemons.In this process k5start is refactored out into its own systemd unit. Since it is not possible to use bash scripting within unit files and systemd requires full paths in certain places instead of using environment variables, there are some hard coded configuration items within systemd unit files. It should probably be documented somewhere how to do Kerberos configuration within systemd units.
The following testing has been done with the deb packages built with the fix:
-
LDAP Simple Bind Test
Test Steps:
1.1. Install libnss-ldap and nslcd with the fix in a test environment
where the client is Debian sid build and the ldap server is the Active Directory.1.2 Configure LDAP Properly bind binddn and bindpasswd in /etc/nslcd.conf
1.3 Run > getent passwd
Test Results: k5start-nslcd does not start k5start since the expected keytab file does
not exist hence it is assumed there is no SASL configuration. nslcd daemon is started and getent returns results from ldap server as well. nslcd is started upon installation as well as machine reboot. -
SASL Authentication (Kerberos) Test
Test Steps:
1.1. Install libnss-ldap and nslcd with the fix in a test environment
where the client is Debian sid build and the ldap server is the Active Directory.1.2 Configure Kerberos in the client properly - Install cyrus kerberos libraries - Create keytab file with the right principal. - Configure /erc/krb5.conf to include the kerberos realm in
Active Directory and Kerberos Server as Active Directory. - Configure nslcd to use SASL configuration in
/etc/nslcd.conf1.3 Run > getent passwd
Test Results: k5start-nslcd unit starts k5start as a daemon. nslcd daemon is started as well and getent returns results from ldap server. k5start and nslcd are both started upon installation as well as machine reboot.