Control: fixed -1 0.8.5
Control: tags -1 + patch

On Thu, 2013-02-21 at 01:09 +0000, Mark Cunningham wrote:
> Before install, I get the defaults I configured when installed the
> package. I set these to non used variables and created the nslcd.conf
> myself.

I've been able to find the problem: the package configuration scripts
don't do the modifications properly when an option is specified multiple
times in nslcd.conf. This is allowed for the base keyword.

When reading the configuration file, the last value from the
configuration file is used but when writing back the changes the first
option is replaced.

This was fixed in 0.8.5 to both read and write the first option only
which means the configuration should no longer be mangled in those cases
(debconf configuration still doesn't support configuring with multiple
base options though).

The change that went into 0.8.5 is here:
http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1567&view=revision

Attached is a patch which has basically the same change for
0.7.15+squeeze3. Also, the 0.8 packaging has been updated to be more
robust in parsing and writing the configuration.

Btw, in nslcd.conf you currently have:
  base ou=users,ou=users,dc=example,dc=com
  base ou=groups,dc=example,dc=com
while this is probably what is meant:
  base passwd ou=users,ou=users,dc=example,dc=com
  base group ou=groups,dc=example,dc=com

The way is more efficient because if you have two base statements two
searches are always performed.

> If I understand the process, are debian scripts actually parsing out
> options that you've configured and attempting to regenerate the config
> file?

Yes. The package tries to guess reasonable defaults during installation
(e.g. if libnss_ldap was installed before, look in DNS for a likely
search base, etc.).

The package also supports managing most common configurations with:
  dpkg-reconfigure nslcd

The package also supports pre-seeding (setting site-wide defaults for
automated installation).

If a configuration file is already in place it should take the values of
the configuration file instead of using pre-seeded or guessed values.

> Should it not be done the same as any other package with a changed
> config file. You're prompted to install the package maintainer's
> version or keep your own and have the ability of doing a diff. Not to
> mention there doesn't actually seem to be any changes needed in this
> case. Why even attempt to mess with the config file at all?

It is a little more complicated than that. When managing configuration
files as described you will not get prompts to install the maintainer's
version (the two mechanisms are mutually exclusive).

Hope this clarifies a few things. Thanks for the bug report and
providing the detailed information that made it possible to track down
this issue. I will try to get this into an update for squeeze if
possible.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
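The read-last/write-first mismatch described in the reply above, reproduced as an added shell example that is not code from the nslcd package or from this message. The helper names and the write-back logic are assumptions, and the sample file is constructed around the two `base` lines quoted in the mail.

```shell
#!/bin/sh
# Added illustration: cfg_values, cfg_write_first and round_trip are
# hypothetical helpers, not the package's maintainer scripts.

# Print every single-token value of keyword $1 in file $2, one per line.
cfg_values() {
  sed -n "s/^$1[[:space:]][[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" "$2"
}

# Assumed write-back: replace the value on the FIRST "$1 <value>" line only.
cfg_write_first() {
  awk -v k="$1" -v v="$2" '
    !seen && NF == 2 && $1 == k { print k " " v; seen = 1; next }
    { print }' "$3" > "$3.new" && mv "$3.new" "$3"
}

# Simulate a reconfigure that keeps the current value unchanged.
# $1 = "last" (read behaviour before the fix) or "first" (after the fix).
# Prints the base values left in the file after the round trip.
round_trip() {
  cfg=$(mktemp) || return 1
  # Constructed sample nslcd.conf with two plain base lines.
  printf '%s\n' \
    'uri ldap://ldap.example.com/' \
    'base ou=users,ou=users,dc=example,dc=com' \
    'base ou=groups,dc=example,dc=com' > "$cfg"
  case $1 in
    last)  value=$(cfg_values base "$cfg" | tail -n 1) ;;
    first) value=$(cfg_values base "$cfg" | head -n 1) ;;
    *)     rm -f "$cfg"; return 2 ;;
  esac
  cfg_write_first base "$value" "$cfg"
  cfg_values base "$cfg"
  rm -f "$cfg"
}

echo "read last, write first (users base is overwritten):"
round_trip last
echo "read first, write first (file is unchanged):"
round_trip first
```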
Property changes on: . ___________________________________________________________________ Modified: svn:mergeinfo Merged /nss-pam-ldapd:r1566 Index: debian/nslcd.config =================================================================== --- debian/nslcd.config (revision 1926) +++ debian/nslcd.config (working copy) @@ -78,7 +78,7 @@ if [ -z "$uris" ] then hosts=`sed -n 's/^host[[:space:]]*//ip' "$cfgfile"` - port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile" | tail -n 1` + port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile" | head -n 1` for host in $hosts do if [ -z "$port" ] || (echo "$host" | grep -q ':' ) @@ -95,21 +95,21 @@ db_get nslcd/ldap-base if [ -z "$RET" ] then - searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1` + searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | head -n 1` [ -n "$searchbase" ] && db_set nslcd/ldap-base "$searchbase" fi # find binddn db_get nslcd/ldap-binddn if [ -z "$RET" ] then - binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | tail -n 1` + binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | head -n 1` db_set nslcd/ldap-binddn "$binddn" fi # find bindpw db_get nslcd/ldap-bindpw if [ -z "$RET" ] then - bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | tail -n 1` + bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | head -n 1` db_set nslcd/ldap-bindpw "$bindpw" fi # check ssl option @@ -128,7 +128,7 @@ db_get nslcd/ldap-reqcert if [ -z "$RET" ] then - reqcert=`sed -n 's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' "$cfgfile" | tail -n 1` + reqcert=`sed -n 's/^tls_\(reqcert\|checkpeer\)[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\2/ip' "$cfgfile" | head -n 1` # normalise value reqcert=`echo "$reqcert" | tr 'A-Z' 'a-z' | sed 's/^no$/never/;s/^yes$/demand/;s/^hard$/demand/'` [ -n "$reqcert" ] && db_set nslcd/ldap-reqcert "$reqcert"
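Review bot: in the @@ -95,21 hunk the `base` expression only matches a line carrying a single value, so with `head -n 1` a file that uses only map-specific lines such as `base passwd ...` still leaves `searchbase` empty, and any second plain `base` line is dropped without notice. A short comment above the `sed` lines saying that the first match is taken so that it agrees with the line the write-back replaces would help, and it may be worth counting the matches and leaving nslcd/ldap-base unset when there is more than one.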
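Review bot: in the @@ -128,7 hunk `tls_reqcert` and `tls_checkpeer` share one expression, so `head -n 1` now takes whichever of the two comes first in the file; a file with `tls_checkpeer no` above `tls_reqcert demand` is recorded in debconf as `never`. Since this value decides certificate checking, consider reading `tls_reqcert` first and falling back to `tls_checkpeer` only when it is absent, or at least state the first-match rule in the comment above the line.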