Bug#746727: marked as done (slapd: Please include slapd-sha2 contrib module)

[Debian Bug Tracking System]

Your message dated Tue, 21 Oct 2014 21:43:23 +0000
with message-id <e1xghd9-0005ab...@franck.debian.org>
and subject line Bug#746727: fixed in openldap 2.4.40-2
has caused the Debian Bug report #746727,
regarding slapd: Please include slapd-sha2 contrib module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
746727: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746727
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: slapd
Version: 2.4.31-1+nmu2
Severity: important
Tags: upstream

Dear Maintainer,

I ran into a particularly vexing problem with OpenLDAP:
I populated a user record with a SSHA-512 user password via Apache Directory
Studio and could verify that the password was correct, but I always got an
"invalid credentials" error when trying to bind with that dn and password.

As a workaround, I changed the userPassword fromat to SSHA, and was able to
bind successfully.

Could you please build and include this module with the slapd package?
https://github.com/gcp/openldap/tree/master/contrib/slapd-modules/passwd/sha2

Furthermore, would you please consider loading it by default when debconf
builds a new slapd.d?

Both actions would greatly improve the security and usability of OpenLDAP on
Debian.

Best regards,
Mike Przybylski

-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                     3.113+nmu3
ii  coreutils                   8.13-3.5
ii  debconf [debconf-2.0]       1.5.49
ii  libc6                       2.13-38+deb7u1
ii  libdb5.1                    5.1.29-5
ii  libgcrypt11                 1.5.0-5+deb7u1
ii  libgnutls26                 2.12.20-8+deb7u1
ii  libldap-2.4-2               2.4.31-1+nmu2
ii  libltdl7                    2.4.2-1.1
ii  libodbc1                    2.2.14p2-5
ii  libperl5.14                 5.14.2-21+deb7u1
ii  libsasl2-2                  2.1.25.dfsg1-6+deb7u1
ii  libslp1                     1.2.1-9
ii  libwrap0                    7.6.q-24
ii  lsb-base                    4.1+Debian8+deb7u1
ii  multiarch-support           2.13-38+deb7u1
ii  perl [libmime-base64-perl]  5.14.2-21+deb7u1
ii  psmisc                      22.19-1+deb7u1

Versions of packages slapd recommends:
ii  libsasl2-modules  2.1.25.dfsg1-6+deb7u1

Versions of packages slapd suggests:
ii  ldap-utils  2.4.31-1+nmu2

-- debconf information:
  slapd/internal/generated_adminpw: (password omitted)
* slapd/password2: (password omitted)
  slapd/internal/adminpw: (password omitted)
* slapd/password1: (password omitted)
  slapd/allow_ldap_v2: false
  slapd/password_mismatch:
  slapd/invalid_config: true
  shared/organization: mprzybylski.corp.appdynamics.com
  slapd/upgrade_slapcat_failure:
  slapd/no_configuration: false
  slapd/move_old_database: true
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/purge_database: false
  slapd/domain: mprzybylski.corp.appdynamics.com
  slapd/backend: HDB
  slapd/dump_database: when needed

--- End Message ---

--- Begin Message ---

Source: openldap
Source-Version: 2.4.40-2

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 746...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <r...@nardis.ca> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 20 Oct 2014 22:19:24 -0700
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg 
libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.40-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers 
<pkg-openldap-de...@lists.alioth.debian.org>
Changed-By: Ryan Tandy <r...@nardis.ca>
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 701111 746727 761406
Changes:
 openldap (2.4.40-2) unstable; urgency=medium
 .
   * Fix typo (chmod/chgrp) in previous changelog, spotted by Ferenc Wagner.
   * debian/patches/contrib-modules-use-dpkg-buildflags: Also use CPPFLAGS from
     dpkg-buildflags. Spotted by Lintian.
   * debian/slapd.init.ldif: Don't bother explicitly granting rights to the
     rootdn, since it already has unlimited privileges. Thanks Ferenc Wagner.
   * Recommend MDB for new installations, per upstream's recommendation.
   * Don't re-create the default DB_CONFIG if there wasn't one in the backup,
     for example if the active backend doesn't use it. Thanks Ferenc Wagner.
   * On upgrade, if an access rule begins with "to * by self write", show a
     debconf note warning that it should be changed. (Closes: #761406)
   * Build and install the lastbind contrib module. (Closes: #701111)
   * Build and install the passwd/sha2 contrib module. (Closes: #746727)
Checksums-Sha1:
 f255aedfeb1ffd74a7cc4ab2819ee8de9ad0965e 2756 openldap_2.4.40-2.dsc
 4a9e02ebcea4854949bd5ef5b6fbb0f21be8aa0c 172175 openldap_2.4.40-2.diff.gz
Checksums-Sha256:
 6d75cf7234c5b999a513e46aafc5a846cd452c3759115a2a77ae3887c0d5ced5 2756 
openldap_2.4.40-2.dsc
 c92a2bd3cb60293b841be7e63e702dee4b2a06d528232bf2fa96181c08149b14 172175 
openldap_2.4.40-2.diff.gz
Files:
 c81d0e81391ffc689e4e63b78c32d466 2756 net optional openldap_2.4.40-2.dsc
 306c37b6614c77555d213b6caff5a3d0 172175 net optional openldap_2.4.40-2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJURr8yAAoJEKmDSiJSB45OxrIQAKR1ubH5/4s599Ab5Z9mTBpw
WVmwb6I3PDZDzitkYR6aB9X64GMFiOvv8AwcZ6CxkYF+nSuAWS2uE9niZ7jdpFEA
trFn/Bqg7mnyP7gZR5kdXz7tMlR5V008oljgrfVbEaQk35yWUaspp7Oo1UFABNkW
V0rbuFc9FoPbwwZAUVz7q6n9wSJI7XwfmNRcgt/ghVZmQivo0EOwhEeXCJNeyzvW
p2/1NevuIJHzLC+dTavQh5r+k2xXhbEWVpASPlbNTkpadc4vtd7NCYoaJAfATXv9
5mM23my9l0wNNW/OliXc174XjA1RjUZGRkT984NPxTzsRTmd6h14MTsfakgfej7o
fNKPLizuGDupE/CaS8nDwU5Qiq+Q7abr5F4sRcHrC3j6WyFY29HvRs5DqjGXI1x2
tPsz1C8b6YNMpeUVUm2lw3TlFiHzIZV13Hru5ByJc2gDKPJNY3/9or587gH2KTuD
zEy3xT8Azn+jq62A79uEKE4CPGWbl1PSEZksiBvhjEImHiT1LiE81OlReODFDkNi
Slf+zPy8VUQjDYkYxJph//oNFAGrjLBjOcjA1F0A8oBTQ1k2N5yy7w/6/uFVLsi7
M1vM7hmtUjqOQHEw0pDIbuLpEWhZCN3Y3L8Isa7Wfpc4PFvNuvHbAwP93d2sr7Kd
TameINCyBq3AClnAuXdr
=SRLj
-----END PGP SIGNATURE-----

--- End Message ---