Package: libnss-ldap
Version: 251-7.1
Severity: important
Tags: patch
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages libnss-ldap depends on:
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libkrb53 1.4.4-6 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13.2 OpenLDAP libraries
Versions of packages libnss-ldap recommends:
ii libpam-ldap 180-1.4 Pluggable Authentication Module al
ii nscd 2.3.6.ds1-8 GNU C Library: Name Service Cache
-- debconf information:
* libnss-ldap/dblogin: false
* shared/ldapns/base-dn: dc=rmer,dc=nl
* libnss-ldap/binddn: cn=manager,dc=rmer,dc=nl
* libnss-ldap/dbrootlogin: true
libnss-ldap/override: true
* shared/ldapns/ldap-server: ldapi://%2fvar%2frun%2fslapd%2fldapi/
* libnss-ldap/confperm: false
* libnss-ldap/rootbinddn: cn=admin,dc=rmer,dc=nl
* shared/ldapns/ldap_version: 3
* libnss-ldap/nsswitch:
The postinstall script wrongly configures ldapi:// uris. This locks out every
non-local account.
The relevant section in the postinstall is
if echo $RET | egrep -q '^ldaps?://'; then
disable_param host
change_value uri "$RET"
else
disable_param uri
change_value host "$RET"
fi
This fails, however, on a ldapi: uri (i.e. a local socket). It will appear as
"host ldapi:// ... "
which does not work ;((. It should be
"uri ldapi:// ..."
A fix is to change the condition into
if echo $RET | egrep -q '^ldap[is]?://'; then
Regards,
Rene Hogendoorn
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
