nslcd config and debconf
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Here is a problem with setting up an "external" sasl auth parameter in /etc/nslcd.conf with debconf and dpkg-reconfigure (see short session log below).
Usually I use sasl_mech "external" configured in nslcd.conf and all is fine, except ongoing ubuntu/debian updates, every time a package is updated a debconf reconfigures it to keep configuration settings "correct" in a way a developer/
I was unable to find a place to report a bug in ubuntu repos (nslcd belongs to universe, and not a part of ubuntu), and if some can point out a good link, it wold be very helpful to report bug more "officially".
The main problem is that I can use "external" sasl mech, but it is unconditionally overwriten every update to the "auto", which makes nslcd disconnected from slapd, and require handy intervention every time (sorry, tired) to manually check /etc/nslcd.conf, and remove "auto" with "external". :)
Here is a sequence of commands to show the effect of "external" mech setting up. Please, take into account that setting /etc/nslcd.conf manually with vi or emacs has the same result - after update (e.g. debconf noninteractive reconfiguring) it always becomes "auto" instead of required "external". Please Help!
# echo nslcd nslcd/ldap-
# debconf-show nslcd
* nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-
* nslcd/ldap-
nslcd/
* nslcd/ldap-
nslcd/
* nslcd/ldap-uris: ldapi:///
* nslcd/ldap-
nslcd/
* nslcd/ldap-
* nslcd/ldap-
* nslcd/ldap-base: dc=local
* nslcd/ldap-
# dpkg-reconfigure -f noninteractive nslcd
* Stopping LDAP connection daemon nslcd [ OK ]
* Starting LDAP connection daemon nslcd [ OK ]
# debconf-show nslcd
* nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-
* nslcd/ldap-
nslcd/
* nslcd/ldap-
nslcd/
* nslcd/ldap-uris: ldapi:///
* nslcd/ldap-
nslcd/
* nslcd/ldap-
* nslcd/ldap-
* nslcd/ldap-base: dc=local
* nslcd/ldap-
# cat /etc/nslcd.conf
uid 0
gid 0
ldap_version 3
sasl_mech auto
uri ldapi:///
rootpwmoddn cn=admin,dc=local
pam_authz_search (&(objectClass=
base dc=local
The problem is that the value "external" isn't currently supported by the package configuration and it is incorrectly replaced by auto as a default value. Current supported values are: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP.
The "EXTERNAL" value will be added as a possible value.
Btw, using debconf- set-selections and using dpkg-reconfigure is not a supported way to update the configuration because the current configuration is always read from the configuration file in order to preserve configuration changes outside debconf. The only situation where preseeding would work is on initial installation when the configuration file is absent.
The change in SVN is at: arthurdejong. org/viewvc/ nss-pam- ldapd?revision= 1778&view= revision
http://