commit 02cd48717d5249876b181cf9555a48041dd33ae7 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixos/openldap: fix systemd rejecting notification (#177084)

On one of the two machines I have running openldap, openldap failed to start due to a "timeout". Increasing the allowed startup delay didn't help.

I noticed the following in logs:
```
openldap.service: Got notification message from PID 5224, but reception only permitted for main PID 5223
```

It turns out that on this machine at least, openldap apparently sends the notification from a non-main process, which means that we need this NotifyAccess setting for systemd to record that it successfully started. Without it, after 30 seconds systemd kills the process because it didn't receive the sd_notify call.

Somehow the other machine I have on nixos running ldap works fine even without this, but I could not figure out what changes the behavior.

Given that AFAIU NotifyAccess still restricts to "from the cgroup of the service", I think this change should be safe.

authored by Léo Gaspard and committed by GitHub 3 years ago 02cd4871 a1ad2357

1 changed file

expand all

unified split

nixos

modules

services

databases

openldap.nix

nixos/modules/services/databases/openldap.nix

··· 312 312 "-h" (lib.concatStringsSep " " cfg.urlList) 313 313 ]); 314 314 Type = "notify"; 315 + NotifyAccess = "all"; 315 316 PIDFile = cfg.settings.attrs.olcPidFile; 316 317 }; 317 318 };