nss-pam-ldapd should not depend on nslcd

Bug #576137 reported by ben thielsen
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
nss-pam-ldapd (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

since the nssov slapd overlay can also provide the necessary components for the stub libraries to work, nss-pam-ldapd should not explicitly depend on nslcd. users using the overlay would have no need for nslcd, and therefore it would not need to be installed.

Revision history for this message
Arthur de Jong (adejong) wrote :

Another alternative would be to have a separate package for the nssov overlay which would provide/conflict nslcd. That package (slapd-nssov?) could then also have the maintainer scripts configure and enable the overlay in slapd.

I don't think dropping the dependency is a good idea because users upgrading from older versions where the daemon was part of libnss-ldapd would end up with a non-functioning system without a clear way to fix it after an upgrade.

Revision history for this message
ben thielsen (btb-bitrate) wrote :

that's a good point. i'm not terribly familiar with ubuntu/debian packaging particulars, but could a meta package be used, that could be satisfied with either nslcd or slapd? would that allow for flexibility, while not breaking upgrades?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nss-pam-ldapd (Ubuntu):
status: New → Confirmed
Revision history for this message
Howard Chu (hyc) wrote :

Tell me what you need to see in a canned slapd+nssov configuration/script. Happy to provide that.

Revision history for this message
Ryan Steele (ryans-aweber) wrote :

Since we're discussing the nslcd dependency, it may also be worth noting that the --disable-nslcd option to the configure script (via debian/rules) does not remove all dependencies on nslcd at build time:

# install a pam-auth-update configuration file
install -D -m 644 debian/libpam-ldapd.pam-auth-update debian/tmp/usr/share/pam-configs/ldap
dh_testdir
dh_testroot
dh_install
 install -d debian/nslcd/
 cp -a debian/tmp/etc debian/nslcd//
 install -d debian/nslcd//usr
 cp -a debian/tmp/usr/sbin debian/nslcd//usr/
cp: cannot stat `debian/tmp/usr/sbin': No such file or directory
dh_install: cp -a debian/tmp/usr/sbin debian/nslcd//usr/ returned exit code 1
make: *** [binary-arch] Error 2
dpkg-buildpackage: error: debian/rules binary gave error exit status 2

Removing the --sysconfdir=/etc and --localstatedir=/var options (since they really only apply to nslcd) yields no success either. Removing debian/nslcd.install was the only thing that got it to build successfully, although it also builds nslcd, despite the --disable-nslcd flag.

Revision history for this message
Ryan Steele (ryans-aweber) wrote :

Forgot to mention that I also removed these options without success (prior to deleting debian/nslcd.install):

--with-ldap-conf-file=/etc/nslcd.conf
--with-nslcd-pidfile=/var/run/nslcd/nslcd.pid
--with-nslcd-socket=/var/run/nslcd/socket

Revision history for this message
Ryan Steele (ryans-aweber) wrote :

Turns out it just required a little common sense - omitting nslcd entirely from debian/rules (and removing it from the Depends line for the other two packages) fixes the issue. Still have yet to test the resulting libpam-ldapd & libnss-ldapd packages.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.