--- libpam-ldap-184.orig/debian/LDAP-Permissions.txt +++ libpam-ldap-184/debian/LDAP-Permissions.txt @@ -0,0 +1,98 @@ +pam_ldap LDAP Actions +===================== + +The following list describes the actions on the LDAP server and the affected +LDAP objects and attributes that pam_ldap performs. + +The information contained in the list may be used to determine the required +permissions to objects and attributes in the directory. + +To be able to fully perform one of the listed action the accounts listed +below 'Accounts' need read access to the attributes listed below 'Attributes' +and compare access to the attributes listed in the filters below 'Filters' +of all objects in the directory branch that starts at 'Base'. + + +User Search +----------- +Account: + VALUE OF rootbinddn (if geteuid() == 0 and 'rootbinddn' is set) + VALUE OF binddn (if geteuid() != 0 or 'rootbinddn' isn't set) + anonymous (if 'binddn' is not set) +* Base: + VALUE OF nss_base_passwd + VALUE OF base (if 'nss_base_passwd' is not set) +* Filter: + AND combination of the following partial filters: + VALUE OF pam_filter + VALUE OF FILTER PART OF nss_base_passwd + (LoginAttr=UserName) + where + LoginAttr = VALUE OF pam_login_attribute (default: uid) + UserName = the account of the user + If either 'pam_filter' or 'nss_base_passwd' + is not set, the associated part is left out +* Attributes: + host + authorizedService + uidNumber + VALUE OF pam_template_login_attribute + shadowLastChange + shadowMin + shadowMax + shadowWarning + shadowInactive + shadowExpire + shadowFlag + + +Password-Change for a User +-------------------------- +Account: + VALUE OF rootbinddn (if geteuid() == 0 and 'rootbinddn' is set) + user's DN (as found in the 'User Search') +* Base: + VALUE OF nss_base_passwd + or + VALUE OF base (if 'nss_base_passwd' is not set) +* Attributes (write access necessary) + userPassword (if 'pam_password' is not set to 'ad') + unicodePwd (if 'pam_password' is set to 'ad') + shadowLastChange + + +Group Membership Search +----------------------- +* Comment: + only performed if 'pam_groupdn' is set +* Account: + VALUE OF rootbinddn (if geteuid() == 0 and 'rootbinddn' is set) + VALUE OF binddn (if geteuid() != 0 or 'rootbinddn' isn't set) + anonymous (if 'binddn' is not set) +* Base: + VALUE OF pam_groupdn +* Filter: + (MemberAttr=UserDN) + where + MemberAttr = VALUE OF pam_member_attribute (default: uniqueMember) + UserDN = user's DN (as found in 'User Search') + + +Passwort-Policy Search +---------------------- +* Comment: + only performed if 'pam_lookup_policy' is set to yes +* Account: + VALUE OF rootbinddn (if geteuid() == 0 and 'rootbinddn' is set) + VALUE OF binddn (if geteuid() != 0 or 'rootbinddn' isn't set) + anonymous (if 'binddn' is not set) +* Base: + TREE-ROOT +* Filter: + (objectclass=passwordPolicy) +* Attributes: + passwordMaxFailure + passwordMinLength + + + -- Peter Marschall --- libpam-ldap-184.orig/debian/README.Debian +++ libpam-ldap-184/debian/README.Debian @@ -0,0 +1,41 @@ +libpam-ldap for Debian +---------------------- + +- Be very careful when you use "sufficient pam_ldap.so" in Debian's +/etc/pam.d/common-* files: Some services can place other "required" +PAM-modules after the includes, which will be ignored if pam_ldap.so +succeeds. As a workaround, use something like the following construct: + # Check local authentication first, so root can still login + # while LDAP is down. + auth [success=1 default=ignore] pam_unix.so + auth required pam_ldap.so use_first_pass + auth required pam_permit.so +The third line is needed, so "success=1" can skip over one module and +still has a module to jump to. Without that, PAM segfaults! + +- If you want to use the "pam_check_host_attr" feature, make sure +"pam_unix.so" doesn't provide a valid "account" via the Name Service +Switch (NSS), which overrides your LDAP configuration. Don't use "ldap" +for "shadow" in /etc/nsswitch.conf, just use "shadow: files". For PAM, +use something like the following: + # Try local /etc/shadow first and skip LDAP on success + account [success=1 default=ignore] pam_unix.so + account required pam_ldap.so + account required pam_permit.so + +- Ubuntu uses /etc/ldap.conf as libpam-ldap's configuration file and +/etc/ldap.secret as the file to store the password of the rootbinddn. +This file is shared with libnss-ldap, which should work for most +configurations. If separate configuration files for libnss-ldap and +libpam-ldap are required, you can specify an alternate configuration file +in /etc/pam.d/common-* by adding a config= argument to the +pam_ldap.so entry, such as: + + auth sufficient pam_ldap.so config=/etc/pam_ldap.conf + +This would let you have two separate configurations: /etc/ldap.conf for +NSS, and /etc/pam_ldap.conf for PAM. Thanks to Etienne Goyer for pointing +this out. + +- See LDAP-Permissions.txt for details about the required LDAP permissions. + --- libpam-ldap-184.orig/debian/changelog +++ libpam-ldap-184/debian/changelog @@ -0,0 +1,964 @@ +libpam-ldap (184-8.7ubuntu1) vivid; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: add a versioned dependency on ldap-auth-config, + to ensure pam-related consistency at all points. + - debian/control: removed Build-Depends on po-debconf (debconf handled + by ldap-auth-config now) + - Removed the following files, due to use of ldap-auth-config: + debian/config + debian/libpam-ldap.postrm + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Michael Vogt Tue, 28 Oct 2014 10:41:12 +0100 + +libpam-ldap (184-8.7) unstable; urgency=medium + + * Non-maintainer upload. + * Do not remove config files when removing the package from one architecture + in a multiarch environemnt. Closes: 706185 + + -- Breno Leitao Tue, 22 Jul 2014 14:31:57 +0000 + +libpam-ldap (184-8.6ubuntu1) utopic; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: add a versioned dependency on ldap-auth-config, + to ensure pam-related consistency at all points. + - debian/control: removed Build-Depends on po-debconf (debconf handled + by ldap-auth-config now) + - Removed the following files, due to use of ldap-auth-config: + debian/config + debian/libpam-ldap.postrm + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Michael Vogt Tue, 13 May 2014 08:17:08 +0200 + +libpam-ldap (184-8.6) unstable; urgency=low + + * Non-maintainer upload. + * Support multiarch. Closes: #653681, #654163 + * Fix pending l10n issues. Debconf translations: + - Dutch; (Jeroen Schot). Closes: #655320 + - Polish (Michał Kułach). Closes: #664650 + + -- Christian Perrier Tue, 27 Mar 2012 18:23:08 +0200 + +libpam-ldap (184-8.5ubuntu3) quantal; urgency=low + + * Rebuild for new armel compiler default of ARMv5t. + + -- Colin Watson Fri, 05 Oct 2012 08:21:38 +0100 + +libpam-ldap (184-8.5ubuntu2) precise; urgency=low + + * Build for multiarch. + * Drop dh-buildinfo, which is not multiarch safe and redundant with build + logs. + * Hard-code a versioned dependency on the version of libpam0g that + supports the multiarch module directory. + + -- Steve Langasek Fri, 30 Dec 2011 00:19:03 -0800 + +libpam-ldap (184-8.5ubuntu1) oneiric; urgency=low + + * Merge from Debian unstable, remaining changes: + - debian/control: add a versioned dependency on ldap-auth-config, + to ensure pam-related consistency at all points. + - debian/control: removed Build-Depends on po-debconf (debconf handled + by ldap-auth-config now) + - Removed the following files, due to use of ldap-auth-config: + debian/config + debian/libpam-ldap.postrm + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Steve Langasek Sat, 04 Jun 2011 03:59:25 +0000 + +libpam-ldap (184-8.5) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Spanish (Francisco Javier Cuadrado). Closes: #579510 + + -- Christian Perrier Sat, 17 Jul 2010 08:40:25 +0200 + +libpam-ldap (184-8.4ubuntu1) maverick; urgency=low + + * Merge from Debian unstable, remaining changes: + - debian/control: add a versioned dependency on ldap-auth-config, + to ensure pam-related consistency at all points. + - debian/control: removed Build-Depends on po-debconf (debconf handled + by ldap-auth-config now) + - Removed the following files, due to use of ldap-auth-config: + debian/config + debian/libpam-ldap.postrm + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + * Dropped changes: + - debian/libpam-ldap.postinst: pam upgrade handling for the hardy + version of libpam-ldap dropped + + -- Steve Langasek Fri, 04 Jun 2010 19:01:05 -0700 + +libpam-ldap (184-8.4) unstable; urgency=low + + * Non-maintainer upload. + * Fix "needs versioned dependency on libpam-runtime", thanks to Arthur de + Jong for providing the info in the bug report (closes: #578638). + + -- gregor herrmann Sun, 23 May 2010 17:25:49 +0200 + +libpam-ldap (184-8.3) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Vietnamese (Clytie Siddall). Closes: #548000 + - Galician (Marce Villarino). Closes: #537422 + - Norwegian Bokmål (Bjørn Steensrud). Closes: #563361 + - Simplified Chinese (Ji ZhengYu). Closes: #563615 + + -- Christian Perrier Wed, 06 Jan 2010 22:58:52 +0100 + +libpam-ldap (184-8.2ubuntu1) lucid; urgency=low + + * Merge from Debian testing, remaining changes: + - debian/control: add a versioned dependency on ldap-auth-config, + to ensure pam-related consistency at all points. + - debian/control: removed Build-Depends on po-debconf (debconf handled + by ldap-auth-config now) + - debian/libpam-ldap.postinst: add pam upgrade handling for the hardy + version of libpam-ldap; can be dropped after lucid + - Removed the following files, due to use of ldap-auth-config: + debian/config + debian/libpam-ldap.postrm + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Steve Langasek Tue, 22 Dec 2009 21:46:49 -0800 + +libpam-ldap (184-8.2) unstable; urgency=low + + * Non-maintainer upload. + * Restore the libsasl2-dev build-dependency, the libnss-ldapd suggests, + and the libpam-runtime dependency, casualties of the previous NMU. + + -- Steve Langasek Fri, 04 Dec 2009 17:57:31 -0800 + +libpam-ldap (184-8.1ubuntu1) lucid; urgency=low + + * Merge from Debian testing, remaining changes: + - debian/control: add a versioned dependency on ldap-auth-config, + to ensure pam-related consistency at all points. + - debian/control: removed Build-Depends on po-debconf (debconf handled + by ldap-auth-config now) + - debian/libpam-ldap.postinst: add pam upgrade handling for the hardy + version of libpam-ldap; can be dropped after lucid + - Removed the following files, due to use of ldap-auth-config: + debian/config + debian/libpam-ldap.postrm + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Steve Langasek Fri, 04 Dec 2009 18:12:17 -0800 + +libpam-ldap (184-8.1) unstable; urgency=low + + * Non-maintainer upload. + * Add quilt to build dependencies (fix FTBFS) + * Add decent copyright and licence information in debian/copyright + * Add ${misc:Depends} to the binary package dependencies to cover + dependencies induced by debhelper utilities. Drop debconf + dependencies that are covered by this + * Versioned build dependency on debhelper >5 + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. Closes: #531557 + * [Debconf translation updates] + - Brazilian Portuguese. Closes: #532470 + - Czech. Closes: #532476 + - Finnish. Closes: #532506 + - Japanese. Closes: #532621 + - Slovak. Closes: #532962 + - Portuguese. Closes: #533243 + - Traditional Chinese. Closes: #533732 + - Italian. Closes: #533756 + - Russian. Closes: #533877 + - Swedish. Closes: #534245 + - German. Closes: #534336 + - French. Closes: #534390 + - Basque. Closes: #534438 + * Danish (Frank Damgaard). Closes: #546300 + + -- Christian Perrier Sun, 13 Sep 2009 19:52:51 +0200 + +libpam-ldap (184-8ubuntu1) karmic; urgency=low + + * Merge from Debian unstable, remaining changes: + - debian/libpam-ldap.{pam-auth-update,install,postinst,prerm}, + debian/rules: enable pam_ldap by default using pam-auth-update. + - debian/control: depend on libpam-runtime (>= 1.0.1-2ubuntu1) for the + above. + - debian/control: also add a versioned dependency on ldap-auth-config, + to ensure consistency at all points. + - debian/control: removed Depends on po-debconf and debconf (debconf + handled by ldap-auth-config now) + - Removed the following files + debian/config + debian/libpam-ldap.postrm + debian/patches/00chfn.patch + debian/patches/00chsh.patch + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Steve Langasek Fri, 01 May 2009 20:20:34 +0000 + +libpam-ldap (184-8) unstable; urgency=low + + * debian/libpam-ldap.{pam-auth-update,install,postinst,prerm}, + debian/rules: enable pam_ldap by default using the new + pam-auth-update support. + * debian/control: depend on libpam-runtime (>= 1.0.1-6) for the + above. + * The above two should fix the upgrade issue Closes: #517971 + * Pickup the lost pieces of the 184-4.2 NMU cleanups + Mea culpa -- and thanks to Christian Perrier ! + * Set libnss-ldapd as the preferred alternative (over libnss-ldap) + + -- Richard A Nelson (Rick) Wed, 04 Mar 2009 04:42:00 -0000 + +libpam-ldap (184-7) unstable; urgency=low + + * Build-Depend on quilt + + -- Richard A Nelson (Rick) Sun, 01 Mar 2009 04:12:00 -0000 + +libpam-ldap (184-6) unstable; urgency=low + + * Use quilt for patches + * Updated vi.po (thanks Clytie Siddall) Closes: #513360 + + -- Richard A Nelson (Rick) Sat, 28 Feb 2009 06:30:00 -0000 + +libpam-ldap (184-5) unstable; urgency=low + + * build-depend on libsasl2-dev Closes: #351176 + so that sasl mechs can be used (was used on my builds, but not buildd) + + -- Richard A Nelson (Rick) Thu, 03 Jul 2007 05:44:00 -0000 + +libpam-ldap (184-4.2ubuntu2) jaunty; urgency=low + + * debian/libpam-ldap.pam-auth-update: adjust to use the current + preferred syntax ('Foo' instead of 'Foo-Final'). + + -- Steve Langasek Tue, 03 Mar 2009 23:59:09 +0000 + +libpam-ldap (184-4.2ubuntu1) jaunty; urgency=low + + * Merge from Debian unstable, remaining changes: + - debian/libpam-ldap.{pam-auth-update,install,postinst,prerm}, + debian/rules: enable pam_ldap by default using pam-auth-update. + - debian/control: depend on libpam-runtime (>= 1.0.1-2ubuntu1) for the + above. + - debian/control: also add a versioned dependency on ldap-auth-config, + to ensure consistency at all points. + - debian/control: removed Depends on po-debconf and debconf (debconf + handled by ldap-auth-config now) + - Removed the following files + debian/config + debian/libpam-ldap.postrm + debian/patches/00chfn.patch + debian/patches/00chsh.patch + debian/po + debian/templates + - debian/libpam-ldap.dirs: removed etc + - debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + - debian/rules: remove binary-post-install/libpam-ldap stanza + - updated README.Debian + + -- Steve Langasek Fri, 14 Nov 2008 08:14:57 +0000 + +libpam-ldap (184-4.2) unstable; urgency=low + + * Non-maintainer upload. + * Fix spelling error in package description. Package description + rewritten with help of debian-l10n-english. Closes: #502782 + * Fix pending l10n issues. Debconf translations: + - Italian. Closes: #496322 + - Traditional Chinese. Closes: #503179 + - Bokmål, Norwegian. Closes: #503197 + - Danish. Closes: #503736 + + -- Christian Perrier Tue, 28 Oct 2008 22:52:02 +0100 + +libpam-ldap (184-4.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Russian. Closes: #480901 + + -- Christian Perrier Sat, 19 Jul 2008 10:00:47 +0200 + +libpam-ldap (184-4ubuntu2) intrepid; urgency=low + + * debian/libpam-ldap.{pam-auth-update,install,postinst,prerm}, + debian/rules: enable pam_ldap by default using the new + pam-auth-update support. + * debian/control: depend on libpam-runtime (>= 1.0.1-2ubuntu1) for the + above. + * debian/control: also add a versioned dependency on ldap-auth-config, + to ensure consistency at all points. + + -- Steve Langasek Wed, 27 Aug 2008 23:31:14 +0000 + +libpam-ldap (184-4ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + + debian/control: update Maintainer field now that in main + + debian/control: Depends on ldap-auth-config + + debian/control: removed Depends on po-debconf and debconf (debconf + handled by ldap-auth-config now) + + Removed the following files + debian/config + debian/libpam-ldap.postinst + debian/libpam-ldap.postrm + debian/patches/00chfn.patch + debian/patches/00chsh.patch + debian/po + debian/templates + + debian/libpam-ldap.dirs: removed etc + + debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + + debian/rules: remove binary-post-install/libpam-ldap stanza + + updated README.Debian + + -- Mathias Gug Thu, 19 Jun 2008 12:55:48 -0400 + +libpam-ldap (184-4) unstable; urgency=low + + * add fi.po Closes: #476790 + * update es.po Closes: #415293 + + -- Richard A Nelson (Rick) Mon, 21 Apr 2007 04:33:00 -0000 + +libpam-ldap (184-3) unstable; urgency=low + + * fix cases of pam_pam_ldap in man pages + * Use newer LDAP libraries + + -- Richard A Nelson (Rick) Sat, 22 Dec 2007 21:10:00 -0000 + +libpam-ldap (184-2ubuntu2) hardy; urgency=low + + * No-change rebuild against libldap-2.4-2. + + -- Steve Langasek Tue, 22 Jan 2008 17:09:57 +0000 + +libpam-ldap (184-2ubuntu1) hardy; urgency=low + + * Merged with Debian. Ubuntu changes are: + + debian/control: update Maintainer field now that in main + + debian/control: Depends on ldap-auth-config + + debian/control: removed Depends on po-debconf and debconf (debconf + handled by ldap-auth-config now) + + Removed the following files + debian/config + debian/libpam-ldap.postinst + debian/libpam-ldap.postrm + debian/patches/00chfn.patch + debian/patches/00chsh.patch + debian/po + debian/templates + + debian/libpam-ldap.dirs: removed etc + + debian/rules: don't use --with-ldap-conf-file and --with-ldap-secret-file + + debian/rules: remove binary-post-install/libpam-ldap stanza + + updated README.Debian + + -- Jamie Strandboge Wed, 21 Nov 2007 17:44:44 +0000 + +libpam-ldap (184-2) unstable; urgency=low + + * Add watch file + * New French debconf translation Closes: #425894 + * New Vietnamese debconf translation Closes: #426875 + * Catch bare ldap.secret in file & manpage Closes: #426727 + + -- Richard A Nelson (Rick) Sat, 23 Jun 2007 21:18:00 -0000 + +libpam-ldap (184-1ubuntu2) gutsy; urgency=low + + * updated README.Debian to refer to /etc/ldap.conf and /etc/ldap.secret. + Also added comment about how to use separate configuration files if + needed. + + -- Jamie Strandboge Fri, 12 Oct 2007 08:29:50 -0400 + +libpam-ldap (184-1ubuntu1) gutsy; urgency=low + + * Removed all debconf stuff. It will now be in ldap-auth-config. + * Changed to use /etc/ldap.conf. + + -- Rick Clark Wed, 01 Aug 2007 11:39:59 -0400 + +libpam-ldap (184-1) unstable; urgency=low + + * Survived i386 and amd64, let it loose + + -- Richard A Nelson (Rick) Mon, 14 May 2007 19:40:00 -0000 + +libpam-ldap (184-0) private; urgency=low + + * New maintainer + * New upstream release + * Bump DH_COMPAT to 5 + * Use (and build-depend on) dh_buildinfo + * Since cdbs is already in use, let it manage patching + - 00chfn.patch + - 00chsh.patch + - 00log_shadowlastchange_failure.patch + - 00username_for_memberuid.patch + * Drop patches applied upstream + - Fix error passing for PasswordPolicyResponse control responses + * Test a while... + + -- Richard A Nelson (Rick) Fri, 11 May 2007 05:15:00 -0000 + +libpam-ldap (180-1.7) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for RC bugfix. + * Check for both 'host' and 'uri' in the existing pam_ldap.conf, so + that uri entries aren't incorrectly discarded on upgrade. Also + handle ldapi:/// URIs in the postinst, rather than mistaking this + for a host entry. Closes: #407746. + * Use ldapi:/// as the default server value, not 127.0.0.1, since + ldapi is going to be more efficient than tcp + * Incorporate a postinst fix from libnss-ldap, so updates will + preferentially be made to the first *uncommented* instance of the + option in pam_ldap.conf, not just the first instance. + * Incorporate updated debconf templates from libnss-ldap where + appropriate; thanks to Christian Perrier for the assistance. + * Debian translations: + - Copy translations from libnss-ldap. This adds Catalan, Danish, + Spanish, Galician, Norwegian Bokmål, Russian (all incomplete right now) + - Include updated Galician translation; thanks to Jacobo Tarrio. + Closes: #412649. + - Include updated Brazilian Portuguese translation; thanks to André + Luis Lopes. Closes: #411545. + - Include updated German translation; thanks to Matthias Julius. + Closes: #413448. + - Include updated Czech translation; thanks to Miroslave Kure. + Closes: #413539. + - Include updated Dutch translation; thanks to Bart Cornelis. + * Use debconf substitutions for package name and file name in + templates; no direct benefit to this package alone, but allows + translators to translate the same string only once for libpam-ldap + and libnss-ldap. + + -- Steve Langasek Fri, 9 Mar 2007 02:35:03 -0800 + +libpam-ldap (180-1.6) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Swedish. Closes: #351309 + + -- Christian Perrier Sun, 4 Feb 2007 19:26:54 +0100 + +libpam-ldap (180-1.5) unstable; urgency=low + + * Non-maintainer upload to fix longstanding l10n issues + * Debconf translations: + - German updated. Closes: #395453 + - French updated. Closes: #352412 + - Czech updated. Closes: #360313 + - Dutch added. Closes: #366431 + - Japanese updated. Closes: #394530 + - Portuguese added. Closes: #403508 + + -- Christian Perrier Sun, 4 Feb 2007 19:26:52 +0100 + +libpam-ldap (180-1.4) unstable; urgency=low + + * Non-maintainer upload. + * Fix a brown paper bag bug in the last upload -- maybe I should check + shell syntax of my maintainer script fixes before uploading. :/ + Closes: #399787. + + -- Steve Langasek Tue, 21 Nov 2006 17:19:45 -0800 + +libpam-ldap (180-1.3) unstable; urgency=high + + * Non-maintainer upload. + * High-urgency upload for RC bugfix. + * Fix postinst handling to cope with uri values (i.e., ldaps://) in + addition to host values, instead of erroring out when libnss-ldap + has been configured first. Closes: #385950. + + -- Steve Langasek Mon, 20 Nov 2006 05:11:43 -0800 + +libpam-ldap (180-1.2) unstable; urgency=high + + * NMU for RC security bug. + * Fix error passing for PasswordPolicyResponse control responses. + (CVE-2006-5170) + + -- Moritz Muehlenhoff Sun, 22 Oct 2006 22:26:58 +0200 + +libpam-ldap (180-1.1) unstable; urgency=low + + * NMU. + * debian/control: Remove unnecessary autotool dependencies. (Closes: + #376654) + + -- Eric Dorland Sun, 3 Sep 2006 00:33:47 -0400 + +libpam-ldap (180-1) unstable; urgency=low + + * New upstream release + * Maintainer upload, Closes: #324899 + * Changed password file to be /etc/pam_ldap.secret, Closes: #302547 + * Change pam_acct_mgmt to use username when groupattr is + 'memberUid', Closes: #292030, #341541 + * Started using upstream's manpage, Closes: #302400, #307628 + * Fix debhelper to use libpam-ldap/override, Closes: #302543, #312928 + * Make pam_password choices translatable, Closes: #338825 + * Fix debconf depends to allow debconf-2.0, Closes: #332002 + * debconf-updatepo run, Closes: #337261 + * Added ldapns.schema to /usr/share/doc/libpam-ldap, Closes: #340581 + * Added vietnamese translation, Closes: #312439 + * Clean up debconf questions, Closes: #312440 + * Updated French translation, Closes: #340199 + + -- Stephen Frost Mon, 16 Jan 2006 14:45:33 -0500 + +libpam-ldap (178-1) unstable; urgency=low + + * New upstream release + * exop pw change fixed in upstream, Closes: #270412, #284105 + * Added documentation regarding check_host_attr, Closes: #274873, #278615 + * Included updated manpage from Philipp Matthias Hann, Closes: #135462 + * Removed purging of ldap.secrets, might be used by others, Closes: #277203 + * Updated French translation, Closes: #267733 + * Added Japanese translation, Closes: #287075 + * Added Czech translation, Closes: #288023 + + -- Stephen Frost Wed, 30 Mar 2005 00:27:06 -0500 + +libpam-ldap (169-1) unstable; urgency=low + + * New upstream release, Closes: #258810 + * Fixed chsh/chfn, Closes: #240175 + * Added French translation, Closes: #220803 + * Cleaned up templates file, Closes: #214568 + * Added md5 option to templates, Closes: #228818 + * Session bug fixed by upstream, Closes: #221748 + * crypt/anon bind fixed upstream, Closes: #202466 + + -- Stephen Frost Sat, 7 Aug 2004 23:57:01 -0400 + +libpam-ldap (167-1) unstable; urgency=low + + * New upstream. + + -- Stephen Frost Sun, 15 Feb 2004 22:16:41 -0500 + +libpam-ldap (164-2) unstable; urgency=low + + * Whoops, forgot build-depend on cdbs, fixed. + + -- Stephen Frost Thu, 2 Oct 2003 16:21:44 -0400 + +libpam-ldap (164-1) unstable; urgency=low + + * New maintainer, moved to CDBS. + * New upstream release, Closes: #207044. + * Removed the extrafilter patch, upstream has added functionality + which replaces it (service-based authorization). + * Added patch to log when updating shadowlastchange fails, Closes: #165994. + * Added patch to fix typo in man page, Closes: #208434. + * Added patch to document pam_min/max_uid, Closes: #109658. + * Compiled with TLS/SSL support, Closes: #171431, #207045. + * Moved to po-debconf with supplied patch, Closes: #183956. + + -- Stephen Frost Wed, 1 Oct 2003 13:14:21 -0400 + +libpam-ldap (156-1) unstable; urgency=low + + * New upstream release + * rewrote configuration script to use the same format as libnss-ldap + this makes it aware of the current settings in the configuration. + (Closes: #153013) + * Moved the example configuration file to /usr/share/libpam-ldap + * Bumped the Standards-Version to 3.5.8 + + -- Sami Haahtinen Sun, 19 Jan 2003 01:20:12 +0200 + +libpam-ldap (151-1) unstable; urgency=low + + * New upstream release + * Fixed a bug in ###DEBCONF### handling in configuration. + * Disabled SSL Disabling? (Closes: #103307) + - Removed the ugly #undef from ldap_pam.c + - Removed --disable-ssl from options + - Added an additional runtime test to keep the logs from + filling with openldap warnings. + + -- Sami Haahtinen Tue, 13 Aug 2002 21:28:47 +0300 + +libpam-ldap (148-1) unstable; urgency=low + + * New upstream release + * Upstream now includes the patch to handle forced password expiring. + + -- Sami Haahtinen Thu, 9 May 2002 14:09:15 +0300 + +libpam-ldap (144-1) unstable; urgency=low + + * New upstream release + * Upstream fix for a security related bug which involves a Format String + problems. The propability for this bug to affect the security on a + normally configured system is so small that i won't squeeze this in to + woody at all. (first affected version was 40) + * Added Patch from Alexander Zangerl to handle the case where password is + expired by the admin (by setting the last changed field to 0) + (Closes: #144175) + * Fixed extraFilter handling with auth (Closes: #145557) + + -- Sami Haahtinen Wed, 8 May 2002 00:19:13 +0300 + +libpam-ldap (140-1) unstable; urgency=low + + * New upstream release + + -- Sami Haahtinen Thu, 14 Mar 2002 23:52:28 +0200 + +libpam-ldap (138-1) unstable; urgency=medium + + * New upstream release + * Note to those who use the extra_filter patch, (aka. the filter= parameter) + i'm planning on dropping the patch in favour of multiple + configuration-files. + * geteuid() reverted back to getuid(), this allowed users to change their + passwords without pamldap prompting for the old password (Closes: #135811) + + -- Sami Haahtinen Tue, 26 Feb 2002 19:59:54 +0200 + +libpam-ldap (135-1) unstable; urgency=low + + * New upstream release + + -- Sami Haahtinen Wed, 9 Jan 2002 09:35:28 +0200 + +libpam-ldap (134-3) unstable; urgency=low + + * Bashed the whole TLS support. (Closes: #122250) + * Those who want to have SSL/TLS support, remove the #undef LDAP_OPT_X_TLS + line from pam_ldap.c + + -- Sami Haahtinen Tue, 11 Dec 2001 14:15:30 +0200 + +libpam-ldap (134-2) unstable; urgency=low + + * Modified Makefile not to link to a fixed place. (Closes: #113802) + + -- Sami Haahtinen Wed, 28 Nov 2001 21:13:32 +0200 + +libpam-ldap (134-1) unstable; urgency=low + + * New upstream release + * Changed the example rootbinddn to cn=admin,ou=people,dc=example,dc=net + which better reflects the default configuration of OpenLDAP + * Lower the priority of libpam-ldap/override question (Closes: #108864) + * package nolonger contains a debian specific patch --disable-ssl, it was + moved to upstream. + * Exop bug was fixed upstream, does the same thing as the patch in the + bugreport (Closes: #118582) + * Added Brazilian portugese (pt_BR) translation (thanks to Andre Luis Lopes) + (Closes: #114004) + + -- Sami Haahtinen Fri, 16 Nov 2001 23:05:12 +0200 + +libpam-ldap (118-1) unstable; urgency=low + + * New upstream release + * Removed the old version of the manual (Closes: #101640) + + -- Sami Haahtinen Thu, 21 Jun 2001 00:02:43 +0300 + +libpam-ldap (116-1) unstable; urgency=low + + * New upstream release + + -- Sami Haahtinen Thu, 14 Jun 2001 22:54:12 +0300 + +libpam-ldap (113-1) unstable; urgency=low + + * New upstream release + * Fixed the messed up manual page. + + -- Sami Haahtinen Sun, 10 Jun 2001 15:37:03 +0300 + +libpam-ldap (112-1) unstable; urgency=low + + * New upstream release + * This version contains a patch to allow forced non-ssl builds. + + -- Sami Haahtinen Tue, 5 Jun 2001 22:43:03 +0300 + +libpam-ldap (110-1) unstable; urgency=low + + * New upstream release + + -- Sami Haahtinen Mon, 28 May 2001 20:18:06 +0300 + +libpam-ldap (108-1) unstable; urgency=low + + * New upstream release + + -- Sami Haahtinen Sat, 12 May 2001 15:59:00 +0300 + +libpam-ldap (107-5) unstable; urgency=low + + * fixed bash-ism from postinst (Closes: #95276) + + -- Sami Haahtinen Thu, 26 Apr 2001 21:30:05 +0300 + +libpam-ldap (107-4) unstable; urgency=low + + * there was a mysterious '| ' character in config. (Closes: #94923) + + -- Sami Haahtinen Mon, 23 Apr 2001 08:01:27 +0300 + +libpam-ldap (107-3) unstable; urgency=low + + * Added Debconf question for LDAP version + * Added Debconf question for pam_password + + -- Sami Haahtinen Sun, 22 Apr 2001 11:30:39 +0300 + +libpam-ldap (107-2) unstable; urgency=low + + * missed one db_input when i was checking for '|| true's fixed now. + (Closes: #94711) + + -- Sami Haahtinen Sat, 21 Apr 2001 19:34:29 +0300 + +libpam-ldap (107-1) unstable; urgency=low + + * New upstream release + * manual up to date again. + * /etc/pam_ldap.conf is no longer a config-file. + * added debconf support again. + + -- Sami Haahtinen Mon, 16 Apr 2001 01:13:08 +0300 + +libpam-ldap (105-3) unstable; urgency=low + + * corrected README.filter a bit. + + -- Sami Haahtinen Wed, 4 Apr 2001 21:08:55 +0300 + +libpam-ldap (105-2) unstable; urgency=low + + * Added support for filter parameter to allow filtering per + program basis (closes: #92137) + + -- Sami Haahtinen Sun, 1 Apr 2001 16:22:32 +0300 + +libpam-ldap (105-1) unstable; urgency=low + + * New upstream release + * Fixed typos in pam_ldap.conf(5) (Closes: #89633) + + -- Sami Haahtinen Wed, 14 Mar 2001 22:21:39 +0200 + +libpam-ldap (99-2) unstable; urgency=low + + * Took over the package from evo + + -- Sami Haahtinen Wed, 28 Feb 2001 16:18:40 +0200 + +libpam-ldap (99-1) unstable; urgency=low + + * New upstream version. + * I've decided to remove all debconf support from /etc/pam_ldap.conf + until I manage to find a better way to handle configuration modifications. + closes: #83803. + + -- Davide Puricelli (evo) Mon, 5 Feb 2001 19:38:14 +0100 + +libpam-ldap (82-2) unstable; urgency=low + + * Fixed a stupid typo into debian/templates. + + -- Davide Puricelli (evo) Fri, 24 Nov 2000 15:38:31 +0100 + +libpam-ldap (82-1) unstable; urgency=low + + * New upstream version. + + -- Davide Puricelli (evo) Wed, 15 Nov 2000 18:43:12 +0100 + +libpam-ldap (77-2) unstable; urgency=low + + * Now we only suggest libnss-ldap; closes: #75263. + + -- Davide Puricelli (evo) Thu, 2 Nov 2000 17:38:06 +0100 + +libpam-ldap (77-1) unstable; urgency=low + + * New upstream version. + * Added debconf support, patch provided by Michael Vogt . + * Standard compliant to 3.2.1 + + -- Davide Puricelli (evo) Sun, 15 Oct 2000 22:14:29 +0200 + +libpam-ldap (75-1) unstable; urgency=low + + * New upstream version. + + -- Davide Puricelli (evo) Thu, 12 Oct 2000 17:48:39 +0200 + +libpam-ldap (74-1) unstable; urgency=low + + * New upstream version. + + -- Davide Puricelli (evo) Mon, 2 Oct 2000 15:17:47 +0200 + +libpam-ldap (72-4) unstable; urgency=low + + * Previous version was broken because of libnss-ldap, now + it works; closes: #71750. + + -- Davide Puricelli (evo) Mon, 18 Sep 2000 19:23:36 +0200 + +libpam-ldap (72-3) unstable; urgency=low + + * Compiled against libldap2. + + -- Davide Puricelli (evo) Thu, 14 Sep 2000 17:10:37 +0200 + +libpam-ldap (72-2) unstable; urgency=low + + * Added "Build-Depends: libtool" and patched configure + to run "automake -a"; closes: #70706. + + -- Davide Puricelli (evo) Fri, 1 Sep 2000 15:31:45 +0200 + +libpam-ldap (72-1) unstable; urgency=low + + * New upstream version; closes: #67924, #64217, #64220, + #65130, #67808. + * Added chsh and chfn into examples; closes: #65295. + + -- Davide Puricelli (evo) Mon, 28 Aug 2000 19:20:13 +0200 + +libpam-ldap (43-3) unstable; urgency=low + + * New maintainer. + * pam.conf:s/"/usr/lib/security"/"/lib/security"; closes: #67319. + + -- Davide Puricelli (evo) Tue, 22 Aug 2000 18:19:59 +0200 + +libpam-ldap (43-2) frozen unstable; urgency=low + + * Escape username for search filter, closes: #66114 + + -- Ben Collins Thu, 29 Jun 2000 22:43:53 -0400 + +libpam-ldap (43-1) unstable; urgency=low + + * New upstream version + + -- Ben Collins Mon, 10 Jan 2000 15:16:26 -0500 + +libpam-ldap (42-2) unstable; urgency=low + + * made sure pam_ldap.so is linked with -lc and -ldl, fixes segfaults, + closes: #52567 + * reverted some old changes, closes: #48990 + + -- Ben Collins Sun, 26 Dec 1999 14:57:52 -0500 + +libpam-ldap (42-1) unstable; urgency=low + + * New upstream + + -- Ben Collins Sun, 3 Oct 1999 17:27:31 -0400 + +libpam-ldap (34-1) unstable; urgency=low + + * New upstream source + * Recompiled against latest libopenldap1 + + -- Ben Collins Sat, 12 Jun 1999 13:01:01 -0400 + +libpam-ldap (32-1) unstable; urgency=low + + * New upstream source + + -- Ben Collins Sat, 8 May 1999 20:48:53 -0400 + +libpam-ldap (24-1) unstable; urgency=low + + * Another new upstream source + + -- Ben Collins Fri, 16 Apr 1999 12:05:51 -0400 + +libpam-ldap (23-1) unstable; urgency=low + + * New upstream source + + -- Ben Collins Sun, 11 Apr 1999 12:46:32 -0400 + +libpam-ldap (22-1) unstable; urgency=low + + * New upstream source + * Added pam_ldap.conf man page + + -- Ben Collins Tue, 9 Mar 1999 10:35:46 -0500 + +libpam-ldap (18-2) unstable; urgency=low + + * Added two patches from Jason Gunthorpe to fix one double free() and + better handling of stacked passwd modules. + * Added md5 password support with a 'md5' arg + + -- Ben Collins Sat, 20 Feb 1999 01:11:58 -0500 + +libpam-ldap (18-1) unstable; urgency=low + + * Initial Release. + + -- Ben Collins Fri, 12 Feb 1999 18:16:03 -0500 + --- libpam-ldap-184.orig/debian/compat +++ libpam-ldap-184/debian/compat @@ -0,0 +1 @@ +5 --- libpam-ldap-184.orig/debian/control +++ libpam-ldap-184/debian/control @@ -0,0 +1,18 @@ +Source: libpam-ldap +Section: admin +Priority: extra +XSBC-Original-Maintainer: Richard A Nelson (Rick) +Maintainer: Ubuntu Core Developers +Standards-Version: 3.7.2 +Build-Depends: cdbs (>= 0.4.93~), quilt, patchutils, debhelper (>= 8.1.3~), autotools-dev, libldap2-dev, libsasl2-dev, libpam0g-dev + +Package: libpam-ldap +Architecture: any +Multi-Arch: same +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6), libpam0g (>= 1.1.3-2), ldap-auth-config (>= 0.5.2) +Suggests: libnss-ldapd | libnss-ldap +Description: Pluggable Authentication Module for LDAP + This package provides an interface between an LDAP server and the PAM + user authentication system. Using it along with libnss-ldapd or libnss-ldap + allows LDAP to entirely replace other lookup methods (such as NIS or + flat-file) for system account tables. --- libpam-ldap-184.orig/debian/copyright +++ libpam-ldap-184/debian/copyright @@ -0,0 +1,28 @@ +This package was debianized by Davide Puricelli (evo) on +Tue, 22 Aug 2000 17:28:18 +0200. + +It was downloaded from ftp://ftp.padl.com/pub + +Upstream Author: Luke Howard , 2000-2007 + +Copyright © Luke Howard , + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; version 2 dated June, + 1991. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + 02110-1301, USA. + + + On Debian GNU/Linux systems, the complete text of the GNU General + Public License can be found in /usr/share/common-licenses/GPL-2'. + --- libpam-ldap-184.orig/debian/libpam-ldap.dirs +++ libpam-ldap-184/debian/libpam-ldap.dirs @@ -0,0 +1 @@ +usr/share/libpam-ldap --- libpam-ldap-184.orig/debian/libpam-ldap.install +++ libpam-ldap-184/debian/libpam-ldap.install @@ -0,0 +1,10 @@ +build-tree/*/ldap.conf usr/share/libpam-ldap +build-tree/*/pam.d usr/share/doc/libpam-ldap/examples +build-tree/*/chfn usr/share/doc/libpam-ldap/examples +build-tree/*/chsh usr/share/doc/libpam-ldap/examples +build-tree/*/pam.conf usr/share/doc/libpam-ldap/examples +build-tree/*/pam_ldap.5 usr/share/man/man5 +build-tree/*/ldapns.schema usr/share/doc/libpam-ldap +debian/LDAP-Permissions.txt usr/share/doc/libpam-ldap +debian/tmp/lib/*/security +debian/tmp/usr/share/pam-configs/ldap --- libpam-ldap-184.orig/debian/libpam-ldap.pam-auth-update +++ libpam-ldap-184/debian/libpam-ldap.pam-auth-update @@ -0,0 +1,19 @@ +Name: LDAP Authentication +Default: yes +Priority: 128 +Auth-Type: Primary +Auth-Initial: + [success=end default=ignore] pam_ldap.so +Auth: + [success=end default=ignore] pam_ldap.so use_first_pass +Account-Type: Primary +Account: + [success=end default=ignore] pam_ldap.so +Password-Type: Primary +Password-Initial: + [success=end user_unknown=ignore default=die] pam_ldap.so +Password: + [success=end user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass +Session-Type: Additional +Session: + optional pam_ldap.so --- libpam-ldap-184.orig/debian/libpam-ldap.postinst +++ libpam-ldap-184/debian/libpam-ldap.postinst @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + + account=1170fa7f8d78efefb69d4f744d88b8a1 + auth=a1a966fd7f4693917727834d3569e8dd +password=94888efb331555074e6ce9b13dbdaf77 + session=dd5ab3071f6a3d94388a12a93d04cd8c + +force= +if dpkg --compare-versions "$2" lt-nl 184-4ubuntu2; then + # If we're upgrading from an older libpam-ldap, + # and the pam configuration precisely matches that + # which was written by auth-client-config (via ldap-auth-config), we + # can safely force the pam-auth-update. + force=--force + for type in auth account session password + do + sum="$(md5sum /etc/pam.d/common-$type 2>/dev/null | awk '{ print $1 }')" + [ "$sum" = "$(eval echo \$$type)" ] || force= + done +fi +pam-auth-update --package $force + +#DEBHELPER# --- libpam-ldap-184.orig/debian/libpam-ldap.prerm +++ libpam-ldap-184/debian/libpam-ldap.prerm @@ -0,0 +1,12 @@ +#!/bin/sh + +set -e + +if [ "$1" = remove ] && \ +[ "$(dpkg-query --show libpam-ldap 2> /dev/null | wc -l)" = 1 ]; then + pam-auth-update --package --remove ldap +fi + +#DEBHELPER# + +exit 0 --- libpam-ldap-184.orig/debian/patches/chfn_ldap_conf +++ libpam-ldap-184/debian/patches/chfn_ldap_conf @@ -0,0 +1,13 @@ +# Fixed chsh/chfn, Closes: #240175 +# Use proper ldap.conf file +--- libpam-ldap-184.orig/chfn ++++ libpam-ldap-184/chfn +@@ -46,7 +46,7 @@ + # use pam_ldap's config file since this script is ldap specific and + # is a work around for a deficiency in pam + $CONF{'pam_login_attribute'}='uid'; +-open(CONF,"/etc/ldap.conf") or die "$!\n"; ++open(CONF,"/etc/pam_ldap.conf") or die "$!\n"; + while() { + next if(m/^\s*($|#)/); + m/^\s*(\S+)\s+(.*?)\s*$/; --- libpam-ldap-184.orig/debian/patches/chsh_ldap_conf +++ libpam-ldap-184/debian/patches/chsh_ldap_conf @@ -0,0 +1,13 @@ +# Fixed chsh/chfn, Closes: #240175 +# Use proper ldap.conf file +--- libpam-ldap-184.orig/chsh ++++ libpam-ldap-184/chsh +@@ -32,7 +32,7 @@ + # use pam_ldap's config file since this script is ldap specific and + # is a work around for a deficiency in pam + $CONF{'pam_login_attribute'}='uid'; +-open(CONF,"/etc/ldap.conf") or die "$!\n"; ++open(CONF,"/etc/pam_ldap.conf") or die "$!\n"; + while() { + next if(m/^\s*($|#)/); + m/^\s*(\S+)\s+(.*?)\s*$/; --- libpam-ldap-184.orig/debian/patches/log_shadowlastchange_failure +++ libpam-ldap-184/debian/patches/log_shadowlastchange_failure @@ -0,0 +1,30 @@ +# Added patch to log when updating shadowlastchange fails, Closes: #165994 +# +--- libpam-ldap-184.orig/pam_ldap.c ++++ libpam-ldap-184/pam_ldap.c +@@ -3762,6 +3762,8 @@ + } + else + { ++ int errcode; ++ + /* update shadowLastChange; may fail if not shadowAccount */ + snprintf (buf, sizeof buf, "%ld", time (NULL) / (60 * 60 * 24)); + strvals[0] = buf; +@@ -3805,8 +3805,14 @@ + mods[0] = &mod; + mods[1] = NULL; + +- /* do this silently because it may fail */ +- (void) ldap_modify_s (session->ld, session->info->userdn, mods); ++ /* Only log errors because it may fail */ ++ errcode = ldap_modify_s (session->ld, session->info->userdn, mods); ++ if (errcode != LDAP_SUCCESS) ++ { ++ syslog (LOG_WARNING, ++ "pam_ldap: Unable to update shadowLastChange attribute: %s", ++ ldap_err2string (rc)); ++ } + + snprintf (errmsg, sizeof errmsg, + "LDAP password information changed for %s", username); --- libpam-ldap-184.orig/debian/patches/series +++ libpam-ldap-184/debian/patches/series @@ -0,0 +1,4 @@ +chfn_ldap_conf +chsh_ldap_conf +log_shadowlastchange_failure +username_for_memberuid --- libpam-ldap-184.orig/debian/patches/username_for_memberuid +++ libpam-ldap-184/debian/patches/username_for_memberuid @@ -0,0 +1,21 @@ +# Change pam_acct_mgmt to use username when groupattr is +# 'memberUid', Closes: #292030, #341541 +--- libpam-ldap-184.orig/pam_ldap.c ++++ libpam-ldap-184/pam_ldap.c +@@ -4013,9 +4013,15 @@ + /* group auth, per Chris's pam_ldap_auth module */ + if (session->conf->groupdn != NULL) + { ++ const char *value = session->info->userdn; ++ ++ if (strcasecmp(session->conf->groupattr, "memberUid") == 0) ++ value = username; ++ + rc = ldap_compare_s (session->ld, + session->conf->groupdn, +- session->conf->groupattr, session->info->userdn); ++ session->conf->groupattr, value); ++ + if (rc != LDAP_COMPARE_TRUE) + { + snprintf (buf, sizeof buf, "You must be a %s of %s to login.", --- libpam-ldap-184.orig/debian/rules +++ libpam-ldap-184/debian/rules @@ -0,0 +1,25 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/class/makefile.mk +DEB_UPSTREAM_VERSION := $(shell echo $(DEB_VERSION) | sed 's/-[^-]*//') +# strip of a optionally added cvs patch (format: upstream+cvs-debian) +DEB_UPSTREAM_TARBALL_VERSION := $(shell echo $(DEB_UPSTREAM_VERSION) | sed 's/+[^+]*//') +DEB_TAR_SRCDIR := pam_ldap-$(DEB_UPSTREAM_TARBALL_VERSION) +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk +include /usr/share/cdbs/1/rules/tarball.mk + +DEB_DESTDIR = $(CURDIR)/debian/tmp +MY_INSTR_DIR = $(CURDIR)/debian/libpam-ldap +DEB_CONFIGURE_EXTRA_FLAGS += \ + --libdir=/lib/$(DEB_HOST_MULTIARCH) \ + --with-ldap-lib=openldap +DEB_OPT_FLAG += -fPIC + +# Keep file autoconf list out of the diff +clean:: + rm *.cdbs-config_list + +install/libpam-ldap:: + install -D -m 644 debian/libpam-ldap.pam-auth-update debian/tmp/usr/share/pam-configs/ldap --- libpam-ldap-184.orig/debian/watch +++ libpam-ldap-184/debian/watch @@ -0,0 +1,7 @@ +# format version number, currently 3; this line is compulsory! +version=3 + +# Line continuations are performed with \ +# Full-site-with-pattern [Version [Action]] +http://www.padl.com/download/pam_ldap-(.*)\.tar\.gz debian +#http://www.padl.com/download/pam_ldap-(.*)\.tar(\.gz)?\.sig debian