nslcd upgrade breaks existing nslcd.conf

Bug #1029062 reported by Stephen
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nss-pam-ldapd (Ubuntu)

Bug Description

When upgrading nslcd to 0.8.4ubuntu.0.1 the "base" entry in /etc/nslcd.conf was overritten. From reading nslcd.postinst the script rebuilds nslcd.conf from debconf. The values in debconf are incorrect. It is unclear where the values in debconf came from. When nslcd restarted it failed due to a missing base entry and the system became unuseable.

nslcd.postinst should not replace a working /etc/nslcd.conf with a broken on.

Related branches

Revision history for this message
Stephen (kernelpanic.ca) wrote :

The debconf entries apear to come from nslcd.config. In read_config() entries from nslcd.conf are put in debconf. However the sed regex does not take into consideration the "base [map] dn" syntax as noted in nslcd.postinst.

Revision history for this message
Stephen (kernelpanic.ca) wrote :


put the "base" entry after any "base <map>" entries.

Revision history for this message
Arthur de Jong (adejong) wrote :

This has been fixed in development and an upcoming 0.8.10-2 release is expected to fix this.

Note that with 0.8.5 or newer the workaround would be to place the empty "base" before the other "base <map>" entries.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nss-pam-ldapd - 0.8.10-2

nss-pam-ldapd (0.8.10-2) unstable; urgency=low

  * fix typo in comment (thanks Caleb Callaway)
  * install a ldapns.ldif in nslcd doc directory (closes: #674591)
  * ensure that time is set before starting k5start to ensure that Kerberos
    ticket is granted (closes: #659227)
  * properly parse and write configuration options with an optional map
    parameter during debconf configuration (LP: #1029062)

 -- Arthur de Jong <email address hidden> Fri, 31 Aug 2012 23:30:00 +0200

Changed in nss-pam-ldapd (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers