From 02cd48717d5249876b181cf9555a48041dd33ae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Gaspard?= Date: Mon, 13 Jun 2022 15:28:12 +0200 Subject: [PATCH] nixos/openldap: fix systemd rejecting notification (#177084) On one of the two machines I have running openldap, openldap failed to start due to a "timeout". Increasing the allowed startup delay didn't help. I noticed the following in logs: ``` openldap.service: Got notification message from PID 5224, but reception only permitted for main PID 5223 ``` It turns out that on this machine at least, openldap apparently sends the notification from a non-main process, which means that we need this NotifyAccess setting for systemd to record that it successfully started. Without it, after 30 seconds systemd kills the process because it didn't receive the sd_notify call. Somehow the other machine I have on nixos running ldap works fine even without this, but I could not figure out what changes the behavior. Given that AFAIU NotifyAccess still restricts to "from the cgroup of the service", I think this change should be safe. --- nixos/modules/services/databases/openldap.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index 1967a2371bdd..d80d1b07b97c 100644 --- a/nixos/modules/services/databases/openldap.nix +++ b/nixos/modules/services/databases/openldap.nix @@ -312,6 +312,7 @@ in { "-h" (lib.concatStringsSep " " cfg.urlList) ]); Type = "notify"; + NotifyAccess = "all"; PIDFile = cfg.settings.attrs.olcPidFile; }; };
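Review bot: the added `NotifyAccess = "all";` line, placed between `Type = "notify";` and `PIDFile = cfg.settings.attrs.olcPidFile;`, carries no comment, so the reason for widening notification access lives only in the commit message. Suggest a short Nix comment above it recording that slapd was observed sending its readiness notification from a PID other than the main PID (the `Got notification message from PID 5224, but reception only permitted for main PID 5223` log line), so that a later cleanup does not drop the setting and reintroduce the startup timeout. The comment should also state the trade-off: with `all`, systemd accepts notification messages from every process in the unit's control group, so anything this unit spawns is trusted to report service state. The commit message says the cause of the PID mismatch was not found and that another machine works without the setting, so a follow-up to identify what differs between the two hosts would show whether this can be narrowed again.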