Comment 0 for bug 1090328

Hi there,

ldapscripts by default tries to use /etc/ldap.secret generated by libnss-ldap, but it fails because it contains a trailing new line.
This is the error found in /var/log/ldapscripts.log:
ldap_bind: Invalid credentials (49)

That's because /etc/ldap.secret is created by libnss-ldap with a trailing new line, which is not compatible with ldapadd.
I can think of 3 possible solutions:
1) strip that new line in /usr/share/ldapscripts/runtime.debian
2) change the libnss-ldap package to save the password in /etc/ldap.secret without the new line
3) drop the support for this feature, so don't even try to use /etc/ldap.secret and update /usr/share/ldapscripts/runtime.debian, /etc/ldapscripts/ldapscripts.conf and the documentation accordingly

Imho removing this feature (solution 3) would be a bit of a shame as it almost works.

Thanks,

Giacomo