Upgrade from 10.04 to 12.04 server breaks configuration of nslcd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Debian) |
Fix Released
|
Unknown
|
|||
nss-pam-ldapd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned |
Bug Description
[IMPACT]
This bug affects people who use a mix of debconf and manual
configuration of the nslcd.conf file or possibly people who are
upgrading from an earlier release that does not include the
ldap-auth-type debconf configuration setting (there could be more
cases).
This breaks LDAP authentication on upgrades quietly removing LDAP users
from the system and will break it again if the package is
upgraded/
[TESTCASE]
The easiest way to trigger the underlying bug is to use debconf to
configure no authentication, then change the config by hand with the
binddn and bindpw options and then reinstall or upgrade.
apt-get purge nslcd
apt-get install libnss-ldapd nslcd
[with debconf choose no authentication]
[edit /etc/nslcd.conf and set binddn and bindpw]
[restart nslcd and verify that getent passwd returns LDAP users]
apt-get --reinstall install nslcd
You need an LDAP server to test this obviously.
[Regression Potential]
This fix was in Debian unstable (#670133, fixed in 0.8.8-1) and has not
seen any regressions so far. The change could have an affect for debconf
preseeding which is quite complex to do right.
Preconfiguring nslcd is much simpler when pre-installing an nslcd.conf
file (which will be preserved on installation) although debconf
preseeding should work for most configurations.
* Original Description *
Doing a do-release-upgrade from 10.04 server to 12.04 server breaks the configuration in /etc/nslcd.conf. Custom modifications are partially commented out, at least the directive bindpw is commented out which leaves nslcd non functioning after the release upgrade.
There was no question regarding overwriting the manually modified configuration file nor was the original one saved. Using ldap for authentication (e.g. in the pam stack and / or for nsswitch) this breaks the login process.
Related branches
Changed in nss-pam-ldapd (Ubuntu): | |
status: | New → Confirmed |
Changed in nss-pam-ldapd (Debian): | |
status: | Unknown → Fix Released |
summary: |
- Upgrade from 10.04 to 12.04 server brakes configuration of nslcd + Upgrade from 10.04 to 12.04 server breaks configuration of nslcd |
There recently were a few bugs regarding upgrades (some fixed) in Debian, see: bugs.debian. org/670133 bugs.debian. org/672301
http://
http://
Perhaps this is a duplicate of one of these bugs?
It would be helpful if you could post versions of nslcd before and after the upgrade and the contents of nslcd.conf.