Bug#628825: slapd: Failure to continue with authentication as configured.
Package: slapd Version: 2.4.23-7 Severity: important Firewalled system depending on anonymous bind to a local replicated copy of the ldap database. After update to squeeze that functionality is removed. No warning given, and no documentation on a simple way to restore it. Don't want to have passwords littered through configuration files. If you're going to enforce a funky new configuration mechanism. (cn=config) you can at least replicate the actual configuration. -- System Information: Debian Release: 6.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112+nmu2 add and remove users and groups ii coreutils 8.5-1GNU core utilities ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.2-10Embedded GNU C Library: Shared lib ii libdb4.84.8.30-2 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries ii libltdl72.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-17shared Perl library ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.8OpenSLP libraries ii libwrap07.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-pe 5.10.1-17Larry Wall's Practical Extraction ii psmisc 22.11-1 utilities that use the proc file s ii unixodbc2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-7 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils2.4.23-7 OpenLDAP utilities -- Configuration Files: /etc/default/slapd changed: SLAPD_USER=openldap SLAPD_GROUP=openldap SLAPD_PIDFILE= SLAPD_SERVICES=ldap:/// ldapi:/// SLAPD_SENTINEL_FILE=/etc/ldap/noslapd SLAPD_OPTIONS= -- debconf information: * slapd/password1: (password omitted) slapd/internal/adminpw: (password omitted) slapd/internal/generated_adminpw: (password omitted) * slapd/password2: (password omitted) slapd/password_mismatch: slapd/tlsciphersuite: slapd/invalid_config: true shared/organization: sea.mccscs.com slapd/upgrade_slapcat_failure: slapd/slurpd_obsolete: slapd/backend: HDB slapd/dump_database: when needed slapd/allow_ldap_v2: false slapd/no_configuration: false slapd/move_old_database: true slapd/suffix_change: false slapd/dump_database_destdir: /var/backups/slapd-VERSION slapd/purge_database: false slapd/domain: sea.mccscs.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#628825: slapd: Failure to continue with authentication as configured.
tags 628825 moreinfo thanks On Wed, Jun 01, 2011 at 09:09:00AM -0700, Ray Klassen wrote: Package: slapd Version: 2.4.23-7 Severity: important Firewalled system depending on anonymous bind to a local replicated copy of the ldap database. After update to squeeze that functionality is removed. No warning given, and no documentation on a simple way to restore it. I'm afraid this description is far too vague to let us fix this issue for you. What, *exactly*, was the configuration you had in place in slapd.conf that was silently dropped instead of being migrated? Don't want to have passwords littered through configuration files. If you're going to enforce a funky new configuration mechanism. (cn=config) you can at least replicate the actual configuration. I realize you're frustrated at running into this problem, but this disparaging attitude doesn't help anyone fix your bug. The funky new configuration mechanism is required in order to address a number of longstanding bugs and issues with openldap, and it is the only configuration mechanism that will be supported upstream in the future. It is also, until now, not reported to have any other problems automatically migrating configuration from an existing slapd.conf, so we'll need some more details to be able to isolate the bug you're describing. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org signature.asc Description: Digital signature
Bug#628825: slapd: Failure to continue with authentication as configured.
Sorry if I sound snarky. I am not much of a slapd expert. This thing's is a mail server. When I originally set it up I took a stock slapd.conf file and altered it to enable slurpd replication from my main ldap service. libnss-ldap, exim and dovecot didn't need to bind with a dn and password to retrieve relevant ldap information for authentication and whatnot. Now they do. The new configuration documentation does not have much about it that is easy to find. Used to be when a debian package was going to change significantly on the next version upgrade there was more hand holding in dpkg-configure dialogs and so on. Ray -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
