Bug#626571: nslcd: Postinst doesn't handle >2 level domains in base DN suggestion

Fri, 13 May 2011 00:27:19 -0700 

Package: nslcd
Version: 0.7.13
Severity: normal
Tags: patch


When postinst is running it suggests a base DN based on the domain name
of the host. This fails when the domain consists of more than two levels.

In nslcd.config the following code is found:

 # domain name to build the default base
 if [ -n "$domain" ]
   then
     searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/'` || true
     db_set nslcd/ldap-base "$searchbase"
   fi
 fi

The sed command is missing a flag 'g' to make the '.' to ',dc=' part to 
function more than once (two level domains).

pelle@devel:~$ echo "lab.example.com" | sed 's/^/dc=/;s/\./,dc=/'
dc=lab,dc=example.com

pelle@devel:~$ echo "lab.example.com" | sed 's/^/dc=/;s/\./,dc=/g'
dc=lab,dc=example,dc=com

A rather trivial patch is attached.

- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser                     3.112+nmu2   add and remove users and groups
ii  debconf [debconf-2.0]       1.5.36.1     Debian configuration management sy
ii  libc6                       2.11.2-10    Embedded GNU C Library: Shared lib
ii  libgssapi-krb5-2            1.8.3+dfsg-4 MIT Kerberos runtime libraries - k
ii  libldap-2.4-2               2.4.23-7     OpenLDAP libraries

Versions of packages nslcd recommends:
ii  libnss-ldapd [libnss-ldap]    0.7.13     NSS module for using LDAP as a nam
ii  libpam-ldapd [libpam-ldap]    0.7.13     PAM module for using LDAP as an au
ii  nscd                          2.11.2-10  Embedded GNU C Library: Name Servi

Versions of packages nslcd suggests:
pn  kstart                        <none>     (no description available)

-- debconf information:
  nslcd/ldap-starttls: false
* nslcd/ldap-base: dc=lab,dc=example,dc=com
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldap://ns1 ldap://ns2
  nslcd/ldap-binddn:

--- /var/lib/dpkg/info/nslcd.config     2010-12-11 23:25:42.000000000 +0100
+++ nslcd.config        2011-05-13 08:54:43.000000000 +0200
@@ -38,7 +38,7 @@
     # domain name to build the default base
     if [ -n "$domain" ]
     then
-      searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/'` || true
+      searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/g'` || true
       db_set nslcd/ldap-base "$searchbase"
     fi
   fi

Reply via email to