Bug 724984 - =sys-libs/glibc-2.30-r8 /var/db/Makefile needs patch
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Toolchain Maintainers
Reported: 2020-05-24 10:57 UTC by Christian Roessner
Modified: 2020-10-30 19:21 UTC

Description Christian Roessner 2020-05-24 10:57:50 UTC
The shipped Makefile only creates db files from /etc/passwd and /etc/group. If the AWK command were using "getent passwd" and "getent group", it would also dump a full user and group list, for example nslcd/slapd PosixAccount/-Groups. If systemd starts up a server that has non-local users, some services might fail while booting, because some users/groups would be missing. When patching the Makefile and running it in a cronjob (or systemd-timer), booting would succeed even if nslcd and slapd are still starting.

A candidate that fails with this is php-fpm. On my server, I have users in LDAP and php always fails with unknown users.

Here is what I did in the Makefile:

------------------------------------------------------------
...
GETENT = getent
...

$(VAR_DB)/passwd.db: /etc/passwd
        @printf %s "$(patsubst %.db,%,$(@F))... "
        @$(GETENT) passwd | $(AWK) 'BEGIN { FS=":"; OFS=":" } \
                 /^[ \t]*$$/ { next } \
                 /^[ \t]*#/ { next } \
                 /^[^#]/ { printf ".%s ", $$1; print; \
                           printf "=%s ", $$3; print }' | \
        $(MAKEDB) -o $@ -
        @echo "done."

$(VAR_DB)/group.db: /etc/group
        @printf %s "$(patsubst %.db,%,$(@F))... "
        @$(GETENT) group | $(AWK) 'BEGIN { FS=":"; OFS=":" } \
                 /^[ \t]*$$/ { next } \
                 /^[ \t]*#/ { next } \
                 /^[^#]/ { printf ".%s ", $$1; print; \
                           printf "=%s ", $$3; print; \
                           if ($$4 != "") { \
                             split($$4, grmems, ","); \
                             for (memidx in grmems) { \
                               mem=grmems[memidx]; \
                               if (members[mem] == "") \
                                 members[mem]=$$3; \
                               else \
                                 members[mem]=members[mem] "," $$3; \
                             } \
                             delete grmems; } } \
                 END { for (mem in members) \
                         printf ":%s %s %s\n", mem, mem, members[mem]; }' | \
        $(MAKEDB) -o $@ -
        @echo "done."
...
------------------------------------------------------------

As you see, I replaced the $< tag and added the getent options.

In /etc/nsswitch.conf I have now:

passwd:      files ldap [NOTFOUND=return] db
group:       files ldap [NOTFOUND=return] db

That works.

Reproducible: Always

Steps to Reproduce:
1. Use systemd instead of openrc
2. Have users and groups in LDAP
3. Have "ldap" in /etc/nsswitch.conf as shown above
4. Use nslcd and slapd
5. Have php-fpm, for example, and depend on LDAP users
6. Reboot the system and see how php-fpm fails on startup as LDAP/nslcd is not running at that time
Actual Results:  
systemctl --failed always shows php-fpm as failed service

Expected Results:  
All services booting cleanly.

Fixing the Makefile in /var/db is a stable workaround. If that is not a solution, please let me know, because then I would have to create a PHP bug report.
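
The lookup order in the nsswitch.conf lines above can be traced with a small model of glibc's source chaining. This is an added example, not part of the original report or of glibc; the backend contents (`root`, `alice`, `bob`) are constructed, and a source that cannot be reached is assumed to report UNAVAIL.

```python
import re

# glibc defaults: SUCCESS ends the lookup, any other status tries the next source.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_nsswitch_line(line):
    """Parse 'passwd: files ldap [NOTFOUND=return] db' into (database, chain)."""
    database, _, rest = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list must follow a source")
        for item in token[1:-1].split():
            status, _, action = item.partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!").upper()
            if status not in DEFAULTS or action.lower() not in ("return", "continue"):
                raise ValueError(f"unsupported action item: {item}")
            # "!STATUS=action" applies to every status except the named one.
            for s in DEFAULTS:
                if (s != status) == negate:
                    chain[-1][1][s] = action.lower()
    return database.strip(), chain

def resolve(chain, name, backends):
    """backends maps source -> set of names, or None if the service is down.
    Assumption: a source that cannot be reached reports UNAVAIL."""
    status = "NOTFOUND"
    for source, actions in chain:
        entries = backends.get(source)
        if entries is None:
            status = "UNAVAIL"
        elif name in entries:
            status = "SUCCESS"
        else:
            status = "NOTFOUND"
        if actions[status] == "return":
            return source, status
    return None, status

# Constructed data: "bob" was deleted from LDAP after the last db rebuild.
DB, CHAIN = parse_nsswitch_line("passwd:      files ldap [NOTFOUND=return] db")
BOOT = {"files": {"root"}, "ldap": None, "db": {"alice", "bob"}}
RUNNING = {"files": {"root"}, "ldap": {"alice"}, "db": {"alice", "bob"}}

if __name__ == "__main__":
    for label, state in (("boot", BOOT), ("running", RUNNING)):
        for user in ("root", "alice", "bob"):
            print(label, user, resolve(CHAIN, user, state))
```

With LDAP down, the cache answers for both `alice` and the deleted `bob`; once LDAP is reachable, `[NOTFOUND=return]` stops the lookup before `db` is consulted. A removed account therefore keeps resolving during LDAP outages until the next db rebuild.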
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-24 11:34:56 UTC
My understanding of 'db' is to be a more efficient cache of local /etc/passwd. It's not designed to cache any other entries. But maybe I'm mistaken?

You'll need to implement your own cache if you want. I think sys-auth/libnss-cache does something similar when it dumps /etc/passwd.cache.

If you have a boot-only problem (is that correct?) of username resolution, it sounds like you need network online first before trying to resolve external usernames. You might need to ask systemd maintainers and/or respective package maintainers.
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2020-10-30 19:21:14 UTC
This is probably something that should either be done upstream or as local configuration.