Package: nslcd Version: 0.7.13 Severity: normal Tags: patch
When postinst is running it suggests a base DN based on the domain name of the host. This fails when the domain consists of more than two levels. In nslcd.config the following code is found: # domain name to build the default base if [ -n "$domain" ] then searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/'` || true db_set nslcd/ldap-base "$searchbase" fi fi The sed command is missing a flag 'g' to make the '.' to ',dc=' part to function more than once (two level domains). pelle@devel:~$ echo "lab.example.com" | sed 's/^/dc=/;s/\./,dc=/' dc=lab,dc=example.com pelle@devel:~$ echo "lab.example.com" | sed 's/^/dc=/;s/\./,dc=/g' dc=lab,dc=example,dc=com A rather trivial patch is attached. - System Information: Debian Release: 6.0.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nslcd depends on: ii adduser 3.112+nmu2 add and remove users and groups ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libgssapi-krb5-2 1.8.3+dfsg-4 MIT Kerberos runtime libraries - k ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries Versions of packages nslcd recommends: ii libnss-ldapd [libnss-ldap] 0.7.13 NSS module for using LDAP as a nam ii libpam-ldapd [libpam-ldap] 0.7.13 PAM module for using LDAP as an au ii nscd 2.11.2-10 Embedded GNU C Library: Name Servi Versions of packages nslcd suggests: pn kstart <none> (no description available) -- debconf information: nslcd/ldap-starttls: false * nslcd/ldap-base: dc=lab,dc=example,dc=com nslcd/ldap-reqcert: * nslcd/ldap-uris: ldap://ns1 ldap://ns2 nslcd/ldap-binddn:
--- /var/lib/dpkg/info/nslcd.config 2010-12-11 23:25:42.000000000 +0100 +++ nslcd.config 2011-05-13 08:54:43.000000000 +0200 @@ -38,7 +38,7 @@ # domain name to build the default base if [ -n "$domain" ] then - searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/'` || true + searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/g'` || true db_set nslcd/ldap-base "$searchbase" fi fi