Your message dated Thu, 06 Aug 2015 19:49:31 +0530
with message-id <[email protected]>
and subject line Bug fixed
has caused the Debian Bug report #792233,
regarding freedombox-setup: Configure PAM for LDAP user logins
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
792233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792233
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freedombox-setup
Severity: wishlist
Tags: patch

The attached patch will allow some LDAP users to log in to the system. To
log in, the user must have an objectClass of posixAccount, and also must be
in the admin group. I will also make a pull request for Plinth to set up
users and manage groups.
From 87744b5b773f1206f306aa8b07cde8c3176e8a00 Mon Sep 17 00:00:00 2001
From: James Valleroy <[email protected]>
Date: Wed, 8 Jul 2015 19:46:27 -0400
Subject: [PATCH 1/2] Configure PAM for LDAP user logins.

---
 setup.d/30_ldap-server | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server
index 358c922..e78508d 100755
--- a/setup.d/30_ldap-server
+++ b/setup.d/30_ldap-server
@@ -21,3 +21,9 @@ objectClass: organizationalUnit
 ou: groups
 
 EOF
+
+# Configure PAM for LDAP user logins
+echo nslcd nslcd/ldap-sasl-mech select EXTERNAL | debconf-set-selections
+echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \
+    | debconf-set-selections
+DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd
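
Review bot: The preseed before the `apt-get install` line sets only `nslcd/ldap-sasl-mech` and the `libnss-ldapd/nsswitch` selection, so under `DEBIAN_FRONTEND=noninteractive` every other nslcd question (authentication type, server URI, search base) is answered with the package default. EXTERNAL only makes sense over the local `ldapi:///` socket used elsewhere in this series, and patch 2/2 assumes the base `dc=thisbox`, so I would preseed `nslcd/ldap-auth-type`, `nslcd/ldap-uris` and `nslcd/ldap-base` here as well, or add a comment saying where those values are set. The install also has no failure check: if `apt-get` fails (for example with no network during image build), the script carries on with NSS and PAM unconfigured, so consider `set -e` or an explicit test of the exit status. Adding `shadow` to nsswitch is worth a word in the comment too, since it is only needed if something on the box reads shadow data through NSS.
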
-- 
2.1.4


From bb2d589cd4cc8b66d05b31b44f2a0ae4dbf3b191 Mon Sep 17 00:00:00 2001
From: James Valleroy <[email protected]>
Date: Sun, 12 Jul 2015 12:32:38 -0400
Subject: [PATCH 2/2] Allow only users in admin group to login.

---
 first-run.d/50_ldap-server | 15 +++++++++++++++
 setup.d/30_ldap-server     |  5 +++++
 2 files changed, 20 insertions(+)

diff --git a/first-run.d/50_ldap-server b/first-run.d/50_ldap-server
index 6b45da8..e8051fe 100755
--- a/first-run.d/50_ldap-server
+++ b/first-run.d/50_ldap-server
@@ -12,4 +12,19 @@ changetype: modify
 replace: olcRootDN
 olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
+
+EOF
+
+cat <<EOF |ldapadd -Y EXTERNAL -H ldapi:///
+dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+
 EOF
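
Review bot: Neither added LDIF entry is guarded against a second run: the `add: olcModuleLoad` / `olcModuleLoad: memberof.la` modify fails if the module is already listed, and the `ldapadd` of `olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config` fails if the overlay already exists, which leaves first-run in an error state on retry. Checking with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config` before each add would make this safe to repeat. The hard-coded `cn=module{0}` and `olcDatabase={1}mdb` also assume a particular module index and backend, so a short comment stating that assumption would help. Please document as well that the memberof overlay only writes `memberOf` when a group's DN-valued `member` attribute is modified after the overlay is in place: the admin group therefore has to be a `groupOfNames`-style entry (not a `posixGroup` with `memberUid`), and any membership that predates this change will not carry `memberOf` until it is rewritten. Since patch 2/2 makes login depend on that attribute, a stale or missing `memberOf` silently locks an admin out.
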
diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server
index e78508d..6d96c87 100755
--- a/setup.d/30_ldap-server
+++ b/setup.d/30_ldap-server
@@ -27,3 +27,8 @@ echo nslcd nslcd/ldap-sasl-mech select EXTERNAL | debconf-set-selections
 echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \
     | debconf-set-selections
 DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd
+
+# Only users in admin group can login
+if ! grep -q "filter passwd (&(objectClass=posixAccount)(memberOf=cn=admin,ou=groups,dc=thisbox))" /etc/nslcd.conf ; then
+    echo "filter passwd (&(objectClass=posixAccount)(memberOf=cn=admin,ou=groups,dc=thisbox))" >>/etc/nslcd.conf
+fi
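
Review bot: Nothing after the `echo ... >>/etc/nslcd.conf` line restarts nslcd, and the context line above shows the package is installed before the filter is appended, so a daemon started at install time keeps running without the restriction until it is next restarted; add a restart after the `fi`, or write the filter before nslcd is first started. The `grep -q` guard matches only this exact string (and treats it as a regular expression), so if the group or base DN ever changes, a second `filter passwd` line is appended instead of replacing the first; put the filter in one shell variable, test for any existing `filter passwd` line with `grep -qF` or an anchored pattern, and replace rather than append. Note in the comment that this limits login by hiding non-admin accounts from NSS rather than by a PAM authorization rule, so non-admin LDAP users will also be unresolvable for file ownership and any other `getpwnam` lookups on the box. The base `dc=thisbox` is hard-coded twice here and should come from the same place as the LDAP server setup.
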
-- 
2.1.4


--- End Message ---
--- Begin Message ---
Package: freedombox-setup
Version: 0.5

This bug was not automatically fixed due to a typo.

We believe that the bug you reported is fixed in the latest version of
freedombox-setup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nick Daly <[email protected]> (supplier of updated freedombox-setup
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Thu, 06 Aug 2015 06:40:43 -0500
Source: freedombox-setup
Binary: freedombox-setup
Architecture: source all
Version: 0.5
Distribution: unstable
Urgency: medium
Maintainer: Petter Reinholdtsen <[email protected]>
Changed-By: Nick Daly <[email protected]>
Description:
 freedombox-setup - Package to set up freedombox environment
Closes: 786164 786689 787025 787128 789441 791704
Changes:
 freedombox-setup (0.5) unstable; urgency=medium
 .
   [ Nick Daly ]
   * Upload 0.5 release.
 .
   [ Sunil Mohan Adapa ]
   * Migrate to dh_python3 from python-support (Closes: #786164).
   * Use nmcli to setup network connections (Closes: #786689).
   * Remove jwchat/ejabber setup as it is handled by Plinth (Closes:
     #787025).
   * Remove LDAP root password and create ou=groups (Closes: #787128).
   * Remove renaming of network interfaces as it does not work.  Start using
     systemd's new predictable naming.  Don't alter
     /etc/network/interface anymore.  (Closes: #789441).
   * Use network manager for configuring DNS and DHCP servers.
 .
   [ James Valleroy ]
   * Apply patch from Sunil to fix hang issue when building Raspberry Pi
     images.
   * Remove privoxy setup as it happens in Plinth now (Closes: #791704).
   * Configure PAM for LDAP user logins (Close: #792233).

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
