I've been fighting with bug #1000205 in the latest LTS Ubuntu 12.04 "Precise". Every time I've done a do-release-upgrade on a server, when it reboots it breaks logins. All my LDAP users are no longer available.
My Puppet configurations deploy the proper config file for nslcd, so when this happens I just have to wait for the server to get the correct config file from Puppet, then manually reboot the box. Unfortunately this requires physical access to the server, and I have servers in offsite locations as well.
I finally figured out an easy fix that I can pre-deploy with Puppet. I just wrote a simple script to replace the nslcd.conf file with a known good copy prior to starting the nslcd daemon.
So, here are the basics. I already had the following in my Puppet deployment:
# Note: 0644 leaves nslcd.conf world-readable; use 0640 or 0600 if it holds a bindpw.
file { "/etc/nslcd.conf":
  source  => "puppet:///modules/ldapclient/nslcd.conf",
  owner   => "root",
  group   => "root",
  mode    => "0644",
  require => Package["ldap-auth-client"],
}
So I added a second copy of that file on the systems with:
# Known-good copy that the boot-time script restores from.
file { "/etc/nslcd.keep":
  source => "puppet:///modules/ldapclient/nslcd.conf",
  owner  => "root",
  group  => "root",
  mode   => "0644",
}
Then I added the following script as "fixnslcd":
#!/bin/sh
# Overwrite whatever the upgrade left behind with the known-good copy.
cp /etc/nslcd.keep /etc/nslcd.conf
And I deploy it as an init script like so:
file { "/etc/init.d/fixnslcd":
  source  => "puppet:///modules/ldapclient/fixnslcd",
  owner   => "root",
  group   => "root",
  mode    => "0755",
  require => File["/etc/nslcd.keep"],
}
And finally I activate the init script to run every boot just before nslcd starts:
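exec { "installfixnslcd":
  command => "update-rc.d fixnslcd start 18 2 3 4 5 .",
  # exec needs a search path (or a fully qualified command) to find update-rc.d
  path    => ["/usr/sbin", "/usr/bin", "/sbin", "/bin"],
  require => File["/etc/init.d/fixnslcd"],
  creates => "/etc/rc3.d/S18fixnslcd",
}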
After Puppet has deployed the fix, I can safely do a "do-release-upgrade" without fear that I will lose network login ability after the upgrade is finished.
Supposedly Canonical has a fix released, but wherever it got released still isn't helping me when I run a distribution upgrade.
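A sturdier take on the fixnslcd script, as an added example that is not the one-line script from the post: since it runs as root on every boot, it only restores from /etc/nslcd.keep when that file is a regular, non-empty, root-owned file that nobody else can write, and it swaps the config in with a rename. The function name restore_nslcd_conf, the LSB header and the checks themselves are assumptions added here; the paths and mode 644 are the ones used above.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          fixnslcd
# Required-Start:    $local_fs
# Required-Stop:
# X-Start-Before:    nslcd
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Restore known-good /etc/nslcd.conf before nslcd starts
### END INIT INFO
# Added example (hypothetical hardened variant), not the original fixnslcd.

KEEP=/etc/nslcd.keep
CONF=/etc/nslcd.conf

# restore_nslcd_conf KEEP CONF [OWNER] [MODE]
# Returns 0 if CONF now matches KEEP, 1 if KEEP was rejected or the copy failed.
restore_nslcd_conf() {
    keep=$1 conf=$2 owner=${3:-root} mode=${4:-644}

    # Accept only a regular file (find does not follow symlinks) that is
    # owned by the expected user, non-empty, and not group/world-writable.
    ok=$(find "$keep" -prune -type f -user "$owner" -size +0 \
              ! -perm -020 ! -perm -002 2>/dev/null)
    [ -n "$ok" ] || { echo "fixnslcd: refusing $keep" >&2; return 1; }

    # Nothing to do when the live file is already identical.
    cmp -s "$keep" "$conf" && return 0

    # Write beside the target, then rename, so nslcd never reads a partial file.
    tmp="$conf.fixnslcd.$$"
    if cp "$keep" "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$conf"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only act on the verbs an rc script is called with at boot or by hand.
case "${1:-}" in
    start|restart|force-reload) restore_nslcd_conf "$KEEP" "$CONF" ;;
    *) : ;;
esac
```

If nslcd.conf carries a bindpw, pass a tighter mode (for example 600) as the fourth argument and match it in the Puppet file resources.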
