libnss-ldap should not depend on libpam-ldap

Bug #1016592 reported by Cédric Dufour
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libnss-ldap (Ubuntu)
Medium
Unassigned

Bug Description

On Ubuntu 12.04, libnss-ldap (264-2.2ubuntu2) should not depend on libpam-ldap (via ldap-auth-config and ldap-auth-client).

Currently, if one installs libnss-ldap, libpam-ldap also gets installed through dependencies.

Installing LDAP name services does not - should not, actually - imply requiring authentication via LDAP.
On Debian, there is no such dependency.

Thank you for considering this suggestion.

Best,

Cédric

Related branches

Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

libnss-ldap recommends libpam-ldap, which is the same as on Debian. On Ubuntu, recommendations are installed by default, but you can override this with apt-get --no-install-recommends.

As such, I'm closing this bug as Invalid. I suppose Ubuntu could relegate this recommends to a suggests, but I'm not sure this is necessary. Please set back to New with more discussion if you disagree.

Changed in libnss-ldap (Ubuntu):
status: New → Invalid
Revision history for this message
Cédric Dufour (cdufour-keyword-ubuntu-086000) wrote :

Thanks for your answer.

We actually have "install-recommends" disabled in /etc/apt/apt.conf.d

If you look closely, you will see that libnss-lap depends on ldap-auth-config, which in turn depends on ldap-auth-client, which in turn depends on libpam-ldap (thus the indirect dependency).

Debian has no such ldap-auth-config package (and thus dependencies).

In the end, maybe the problem lies more with the ldap-auth-config itself depending on ldap-auth-client. I understand the ldap-auth-config allows the seeding of the debcond database with the appropriate LDAP parameters for libnss-ldap to work. So maybe the the issue should be addressed at the level (by the maintainers) of the ldap-auth-config package rather than linnss-ldap's. Your call.

Best,

Cédric

Changed in libnss-ldap (Ubuntu):
status: Invalid → Opinion
Revision history for this message
Robie Basak (racb) wrote :

Cédric,

Sorry. I saw "Recommends: libpam-ldap" on libnss-ldap and assumed that it was the recommends, without considering that there may be an indirect Depends route.

Looking at what ldap-auth-config does, I think it would make sense for libnss-ldap to recommend ldap-auth-config instead of depend on it. I'd like a second opinion on this though.

Changed in libnss-ldap (Ubuntu):
status: Opinion → New
Revision history for this message
Robie Basak (racb) wrote :

And I just realised that you pointed out the indirect route, too. My apologies again.

Robie Basak (racb)
Changed in libnss-ldap (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libnss-ldap - 264-2.2ubuntu3

---------------
libnss-ldap (264-2.2ubuntu3) quantal; urgency=low

  * Change dependency on ldap-auth-config to a recommendation only, since
    using LDAP name services does not automatically mean that authentication
    must be via LDAP (LP: #1016592).
 -- Robie Basak <email address hidden> Fri, 22 Jun 2012 22:09:08 +0100

Changed in libnss-ldap (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Cédric Dufour (cdufour-keyword-ubuntu-086000) wrote :

Thanks for that change. Cheers. Cédric

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers