nslcd auto-configuration disregards existing nslcd.conf
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
nss-pam-ldapd (Ubuntu) | Fix Released | Undecided | Rafael David Tinoco |
Precise | Fix Released | Undecided | Unassigned |
Bug Description
[Impact]
* When nslcd is upgraded, the config and postinst scripts run and
wrongly update /etc/nslcd.conf with values previously saved in the
debconf database. This can result in broken nslcd.conf configurations
after the upgrade (thus causing LDAP authentication, etc. to stop
working)
[Test Case]
* Install older nslcd, configuring it with a bad uri at the debconf
prompt.
* Edit /etc/nslcd.conf directly to produce a working configuration.
* Try to upgrade to a newer version of the package (but earlier than
this fix) and then notice that the uri line in /etc/nslcd.conf is
changed back to the saved debconf value, thus leaving a non-working
configuration.
[Regression Potential]
* this is a cherry-pick from an upstream bzr fix (rev: #19).
* it gives preference to values currently found in /etc/nslcd.conf
over those saved in debconf in the event of an upgrade.
* tested by 2 different users and they said it works.
[Other Info]
* Original BUG description
We have nslcd already installed, with /etc/nslcd.conf listing our LDAP servers. We also have an Active Directory server installed, which servers the DNS SRV entries to exist in order to function properly. Our Ubuntu servers do not use AD, however, and so when nslcd is upgraded, the config script runs:
server=`host -N 2 -t SRV _ldap._tcp.$domain 2> /dev/null | grep -v NXDOMAIN | awk '{print $NF}' | head -1 | sed 's/\.$//'` || true
... finds Active Directory, and replaces the LDAP servers we have in /etc/nslcd.conf with the name of the first AD server it finds. (I should note there are four listed, and it only adds the first one - this is probably a separate bug)
This is unwelcome behaviour, forcing us to use --force-confold as a workaround.
The guess_ldap_uri() function should only be called if /etc/nslcd.conf is not usable, to prevent it overwriting valid configuration with incorrectly guessed ones.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nslcd 0.8.4ubuntu0.2
ProcVersionSign
Uname: Linux 3.2.0-53-
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: i386
Date: Tue Sep 24 14:07:45 2013
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MarkForUpload: True
SourcePackage: nss-pam-ldapd
UpgradeStatus: Upgraded to precise on 2012-04-30 (512 days ago)
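The precedence the description asks for (values already in /etc/nslcd.conf first, a DNS SRV guess only when the file gives nothing usable) can be sketched as below. This is an added example, not the upstream fix or the package's maintainer script: `conf_uris` and `select_uri` are hypothetical names, the sample file is constructed, and placing the saved debconf answer between the live file and the guess is an assumption of the example.

```shell
#!/bin/sh
# Added illustration; conf_uris and select_uri are hypothetical names.

# Print every URI set by "uri" lines in an nslcd.conf-style file, one per
# line. A line may carry several URIs and the option may be repeated, so all
# of them are kept. Assumption: only the lowercase keyword "uri" is matched.
conf_uris() {
    [ -r "$1" ] || return 0
    awk '$1 == "uri" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Choose the default a maintainer script should offer on upgrade.
#   $1 = config file, $2 = answer saved in debconf, $3 = DNS SRV guess
# The live file wins; the guess is used only when nothing else is known.
# Output is "<source>:<value>"; returns 1 when there is no candidate.
select_uri() {
    uris=$(conf_uris "$1" | tr '\n' ' ' | sed 's/ *$//')
    if [ -n "$uris" ]; then
        printf 'config:%s\n' "$uris"
    elif [ -n "$2" ]; then
        printf 'debconf:%s\n' "$2"
    elif [ -n "$3" ]; then
        printf 'guess:%s\n' "$3"
    else
        return 1
    fi
}

# Constructed sample: the admin repaired the file by hand after a bad
# debconf answer, and DNS advertises an unrelated directory server.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed nslcd.conf sample
uid nslcd
#uri ldap://old.example.com/
uri ldap://ldap1.example.com/ ldap://ldap2.example.com/
base dc=example,dc=com
EOF
select_uri "$demo_conf" "ldap://typo.example.com/" "ldap://ad1.example.com/"
rm -f "$demo_conf"
```

The `source:` prefix on the output makes it easy to log which input decided the value, which is the first thing to check when authentication breaks after an upgrade.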
Changed in nss-pam-ldapd (Ubuntu):
assignee: nobody → Rafael David Tinoco (inaddy)
description: updated
description: updated
tags: removed: removal-candidate
This is probably the same problem as Debian bug #717063 (http://bugs.debian.org/670133). The applied fix is here:
http://arthurdejong.org/viewvc/nss-pam-ldapd?view=revision&revision=2016