Howdi, Simply send me an email and explain what's going on ... and I will try to fix the problem
cheers, >[EMAIL PROTECTED] (magic) writes: > This is a multi-part message in MIME format. > --------------080204070108020107050403 > Content-Type: text/plain; charset=us-ascii; format=flowed > Content-Transfer-Encoding: 7bit > > Buchan Milne wrote: > > >Scott, please file a bug on this so we can track it. > > > > > > I would love to, but same old story... > > I haven't been able to file a bug report through bugzilla @ > qa.mandrakesoft.com for over 8 months now, with several messages sent to > [EMAIL PROTECTED], warly, as well as copying to cooker list, (hoping > to get someone's attension) - oh, well... > > >Please note that some issues are affected by certificate validation > >issues, I am currently running some cooker boxes without ssl in > >/etc/ldap.conf, and/or disabled cert validation. > > > >[Vince, the cert validation issue also affects the openldap packages on > >9.1. I mentioned this before, and I have discovered that the problem I > >had attributed to TinyCA is a general problem with cert validation (in > >the case you don't use self-signed certs). I will file a seperate bug on > >openldap, but I would like your input on it)] > > > > > > I am not running openldap with ssl (yet) so I haven't seen any of > those types of issues. > > >> In cases where you have a system & ldap user (with same uid) the > >>system password is changed, when the ldap password should be changed > >>(not good)... Any ideas? > >> > >> > > > >Hmm, we don't have any local user accounts any more (everything is in > >LDAP besides emergency accounts on boxes which don't allow local root > >login). > > > >Please upload a copy of your /etc/pam.d/system-auth file to your bug report. > > > > > > Done. (Actually I will copy what I tried to post to bugzilla. > Expecting it wouldn't go, I saved a copy.) > > Thanks again! > > S > > > Bug report: > > > *Reporter:* [EMAIL PROTECTED] *Product:* pam_ldap > *Version:* *Component <describecomponents.cgi?product=pam_ldap>: * > > > *Architecture <bug_status.html#rep_platform>: * > *Priority <bug_status.html#priority>: * *Severity > <bug_status.html#bug_severity>: * > > *Assigned To <bug_status.html#assigned_to>: * (Leave blank to assign to > default component owner) > *Cc:* > > *URL:* > *Warning: please write in english only* > *Summary:* > *Description:* > > > > Text version: > > In cases where you have a system & ldap user (with same uid) the > system password is changed, when the ldap password should have been > changed (not good)... > > Not sure exactally where the issue is, but pam_ldap-161-1.1mdk works (in > conjunction) with both nss_ldap-204-1.1mdk & 207-1mdk. > > > Additional Info: > /etc/pam.d/system-auth > ---------------------- > #%PAM-1.0 > auth required /lib/security/pam_env.so > auth sufficient /lib/security/pam_unix.so likeauth nullok > auth sufficient /lib/security/pam_ldap.so use_first_pass > auth required /lib/security/pam_deny.so > > account required /lib/security/pam_unix.so > account sufficient /lib/security/pam_ldap.so > > password required /lib/security/pam_cracklib.so retry=3 minlen=2 > dcredit=0 ucredit=0 ucredit=0 > password sufficient /lib/security/pam_unix.so nullok use_authtok > md5 shadow > password sufficient /lib/security/pam_ldap.so use_authtok > password required /lib/security/pam_deny.so > > session required /lib/security/pam_limits.so > session required /lib/security/pam_unix.so > > /etc/pam.d/passwd > ----------------- > #%PAM-1.0 > auth sufficient /lib/security/pam_ldap.so > auth required /lib/security/pam_pwdb.so shadow nullok > > account sufficient /lib/security/pam_ldap.so > account required /lib/security/pam_pwdb.so > > password required /lib/security/pam_cracklib.so retry=3 minlen=4 > dcredit=0 ucredit=0 > password sufficient /lib/security/pam_ldap.so use_authtok > password required /lib/security/pam_pwdb.so use_authtok nullok md5 > shadow > > > --------------080204070108020107050403 > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 7bit > > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> > <html> > <head> > <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"> > <title></title> > </head> > <body text="#000000" bgcolor="#ffffff"> > Buchan Milne wrote:<br> > <blockquote type="cite" cite="[EMAIL PROTECTED]"> > <pre wrap="">Scott, please file a bug on this so we can track it. > </pre> > </blockquote> > <br> > I would love to, but same old story...<br> > <br> > I haven't been able to file a bug report through bugzilla @ > qa.mandrakesoft.com for over 8 months now, with several messages sent > to <a class="moz-txt-link-abbreviated" href="mailto:[EMAIL PROTECTED]">[EMAIL > PROTECTED]</a>, warly, as well as copying to cooker list, > (hoping to get someone's attension) - oh, well...<br> > <br> > <blockquote type="cite" cite="[EMAIL PROTECTED]"> > <pre wrap="">Please note that some issues are affected by certificate validation > issues, I am currently running some cooker boxes without ssl in > /etc/ldap.conf, and/or disabled cert validation. > > [Vince, the cert validation issue also affects the openldap packages on > 9.1. I mentioned this before, and I have discovered that the problem I > had attributed to TinyCA is a general problem with cert validation (in > the case you don't use self-signed certs). I will file a seperate bug on > openldap, but I would like your input on it)] > </pre> > </blockquote> > <br> > I am not running openldap with ssl (yet) so I haven't seen any of > those types of issues.<br> > <br> > <blockquote type="cite" cite="[EMAIL PROTECTED]"> > <blockquote type="cite"> > <pre wrap=""> In cases where you have a system & ldap user (with same uid) > the > system password is changed, when the ldap password should be changed > (not good)... Any ideas? > </pre> > </blockquote> > <pre wrap=""><!----> > Hmm, we don't have any local user accounts any more (everything is in > LDAP besides emergency accounts on boxes which don't allow local root > login). > > Please upload a copy of your /etc/pam.d/system-auth file to your bug report. > </pre> > </blockquote> > <br> > Done. (Actually I will copy what I tried to post to bugzilla. > Expecting it wouldn't go, I saved a copy.) <br> > <br> > Thanks again!<br> > <br> > S<br> > <br> > <br> > Bug report:<br> > <br> > <br> > <table cellspacing="2" cellpadding="0" border="0"> > <tbody> > <tr> > <td valign="top" align="right"><strong>Reporter:</strong></td> > <td valign="top"><a class="moz-txt-link-abbreviated" href="mailto:[EMAIL > PROTECTED]">[EMAIL PROTECTED]</a></td> > <td valign="top" align="right"><strong>Product:</strong></td> > <td valign="top">pam_ldap</td> > </tr> > <tr> > <td valign="top" align="right"><strong>Version:</strong> </td> > <td> > <select size="5" name="version"> > <option value="164-1mdk">164-1mdk (current)</option> > <option value="148-2mdk">148-2mdk</option> > <option value="148-3mdk">148-3mdk</option> > <option value="156-1mdk">156-1mdk</option> > <option value="161-1mdk">161-1mdk</option> > <option value="161-2mdk">161-2mdk</option> > <option value="164-1mdk" selected="selected">164-1mdk (current)</option> > </select> > </td> > <td valign="top" align="right"><strong><a > href="describecomponents.cgi?product=pam_ldap">Component</a>: </strong></td> > <td> > <select size="5" name="component"> > <option value="documentation">documentation : Problem in the > documentation included in the package</option> > <option value="i18n">i18n : Problem of > internationalisation/translation in the package</option> > <option value="packaging">packaging : Problem in installing, > removing or updating the package</option> > <option value="pam_ldap">pam_ldap : NSS library and PAM module > for LDAP.</option> > <option value="program">program : Problem in using programs > included in the package</option> > </select> > </td> > </tr> > <tr> > <td> </td> > <td colspan="3"><br> > </td> > </tr> > <tr> > <td align="right"><strong><a > href="bug_status.html#rep_platform">Architecture</a>: > </strong></td> > <td> > <select name="rep_platform"> > <option value="All">All</option> > <option value="DEC">DEC</option> > <option value="HP">HP</option> > <option value="Macintosh">Macintosh</option> > <option value="PC" selected="selected">PC</option> > <option value="SGI">SGI</option> > <option value="Sun">Sun</option> > <option value="Other">Other</option> > </select> > </td> > </tr> > <tr> > <td align="right"><strong><a href="bug_status.html#priority">Priority</a>: > </strong></td> > <td> > <select name="priority"> > <option value="P1">P1</option> > <option value="P2">P2</option> > <option value="P3" selected="selected">P3</option> > <option value="P4">P4</option> > <option value="P5">P5</option> > </select> > </td> > <td align="right"><strong><a href="bug_status.html#bug_severity">Severity</a>: > </strong></td> > <td> > <select name="bug_severity"> > <option value="blocker">blocker</option> > <option value="critical">critical</option> > <option value="major" selected="selected">major</option> > <option value="normal">normal</option> > <option value="minor">minor</option> > <option value="trivial">trivial</option> > <option value="enhancement">enhancement</option> > </select> > </td> > </tr> > <tr> > <td> </td> > <td colspan="3"><br> > </td> > </tr> > <input type="hidden" value="NEW" name="bug_status"> <tr> > <td align="right"><strong><a href="bug_status.html#assigned_to">Assigned > To</a>: </strong></td> > <td colspan="3"><input size="32" name="assigned_to"> (Leave blank > to assign to default component owner) </td> > </tr> > <tr> > <td align="right"><strong>Cc:</strong></td> > <td colspan="3"><input size="45" name="cc"> </td> > </tr> > <tr> > <td> </td> > <td colspan="3"><br> > </td> > </tr> > <tr> > <td align="right"><strong>URL:</strong></td> > <td colspan="3"><input size="60" value="http://"; > name="bug_file_loc"> </td> > </tr> > <tr> > <td colspan="2"><strong><font color="#ff0000">Warning</font>: > please write in english only</strong> </td> > </tr> > <tr> > <td align="right"><strong>Summary:</strong></td> > <td colspan="3"><input size="60" > value="Not updating/changing ldap password " name="short_desc"> </td> > </tr> > <tr> > <td valign="top" align="right"><strong>Description:</strong></td> > <td colspan="3"><textarea name="comment" rows="10" wrap="hard" > cols="80"> In cases where you have a system & ldap user (with same > uid) the system password is changed, when the ldap password should have > been changed (not good)... > Not sure exactally where the issue is, but pam_ldap-161-1.1mdk works > (in conjunction) with both nss_ldap-204-1.1mdk & 207-1mdk. > Additional Info: > /etc/pam.d/system-auth > ---------------------- > #%PAM-1.0 > auth required /lib/security/pam_env.so > auth sufficient /lib/security/pam_unix.so likeauth nullok > auth sufficient /lib/security/pam_ldap.so use_first_pass > auth required /lib/security/pam_deny.so > account required /lib/security/pam_unix.so > account sufficient /lib/security/pam_ldap.so > password required /lib/security/pam_cracklib.so retry=3 minlen=2 > dcredit=0 ucredit=0 ucredit=0 > password sufficient /lib/security/pam_unix.so nullok use_authtok md5 > shadow > password sufficient /lib/security/pam_ldap.so use_authtok > password required /lib/security/pam_deny.so > session required /lib/security/pam_limits.so > session required /lib/security/pam_unix.so > /etc/pam.d/passwd > ----------------- > #%PAM-1.0 > auth sufficient /lib/security/pam_ldap.so > auth required /lib/security/pam_pwdb.so shadow nullok > account sufficient /lib/security/pam_ldap.so > account required /lib/security/pam_pwdb.so > password required /lib/security/pam_cracklib.so retry=3 minlen=4 > dcredit=0 ucredit=0 > password sufficient /lib/security/pam_ldap.so use_authtok > password required /lib/security/pam_pwdb.so use_authtok nullok md5 > shadow > </textarea> <br> > </td> > </tr> > </tbody> > </table> > <br> > <br> > Text version:<br> > <br> > In cases where you have a system & ldap user (with same uid) the > system password is changed, when the ldap password should have been > changed (not good)...<br> > <br> > Not sure exactally where the issue is, but pam_ldap-161-1.1mdk works > (in conjunction) with both nss_ldap-204-1.1mdk & 207-1mdk.<br> > <br> > <br> > Additional Info:<br> > /etc/pam.d/system-auth<br> > ----------------------<br> > #%PAM-1.0<br> > auth > required /lib/security/pam_env.so<br> > auth sufficient > /lib/security/pam_unix.so likeauth nullok<br> > auth sufficient > /lib/security/pam_ldap.so use_first_pass<br> > auth > required /lib/security/pam_deny.so<br> > <br> > account required > /lib/security/pam_unix.so<br> > account sufficient > /lib/security/pam_ldap.so<br> > <br> > password required > /lib/security/pam_cracklib.so retry=3 > minlen=2 dcredit=0 ucredit=0 ucredit=0<br> > password sufficient /lib/security/pam_unix.so > nullok use_authtok > md5 shadow<br> > password sufficient /lib/security/pam_ldap.so > use_authtok<br> > password required > /lib/security/pam_deny.so<br> > <br> > session required > /lib/security/pam_limits.so<br> > session required > /lib/security/pam_unix.so<br> > <br> > /etc/pam.d/passwd<br> > -----------------<br> > #%PAM-1.0<br> > auth sufficient > /lib/security/pam_ldap.so<br> > auth required > /lib/security/pam_pwdb.so shadow nullok<br> > <br> > account sufficient /lib/security/pam_ldap.so<br> > account required > /lib/security/pam_pwdb.so<br> > <br> > password required /lib/security/pam_cracklib.so > retry=3 minlen=4 > dcredit=0 ucredit=0<br> > password sufficient /lib/security/pam_ldap.so use_authtok<br> > password required /lib/security/pam_pwdb.so > use_authtok nullok > md5 shadow<br> > <br> > </body> > </html> > > --------------080204070108020107050403-- > > -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
