Ubuntu
ldap-auth-client package

debconf configuration for SSL/TLS is missing in ldap-auth-config

Bug #1159770 reported by Paul Boven
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ldap-auth-client (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

The file /etc/ldap.conf contains the settings for LDAP authentication. The recommended way of configuring this file and LDAP authentication, is through debconf. However, there is no way to specify whether TLS or SSL must be used for LDAP authentication, and without this setting, the user passwords will be sent in cleartext over the network.

Release: Ubuntu 12.04.2 LTS
Version: ldap-auth-config: Installed: 0.5.3

Expected: To be able to set up secure LDAP authentication through debconf

Instead: Configuring that TLS or SSL is required, is not possible. This also means that it cannot be preseeded during automated installs.

To enable TLS or SSL, the /etc/ldap.conf must contain "ssl start_tls' or 'ssl on' as appropriate. These are available already in the file, but currently commented out. These can be failry easily brought under debconf control, would only require a new question in control/Templates, and code in control/postinst.

See original description
Tags: patch precise
Paul Boven (p-boven)
description: updated
Revision history for this message
Paul Boven (p-boven) wrote :

Corrected name of package: the actual configuration is done in ldap-auth-config.

Revision history for this message
Paul Boven (p-boven) wrote :

Upstream bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432537

Revision history for this message
Paul Boven (p-boven) wrote :

Proposal patch to enable configuring SSL through debconf.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "ldap-auth-config_sever-ssl.patch" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Daniel T Chen (crimsun)
Changed in ldap-auth-client (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Brian Murray (brian-murray) wrote :

Before this issue can be considered for fixing in Ubuntu 12.04 it must first be fixed in the development release of Ubuntu, Raring which will become 13.04. For more information regarding the stable release updates process please see http://wiki.ubuntu.com/StableReleaseUpdates.

tags: added: precise
Revision history for this message
Brian Murray (brian-murray) wrote :

I'm unsubscribing the sponsors team as this first needs fixing in Raring as I previously mentioned.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.