[Touch-packages] [Bug 1386194] Re: openLDAP creates persistent connections into university LDAP- this is unwanted by university administrators
[Expired for openldap (Ubuntu) because there has been no activity for 60 days.]

** Changed in: openldap (Ubuntu)
       Status: Incomplete => Expired

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1386194

Title:
  openLDAP creates persistent connections into university LDAP- this is unwanted by university administrators

Status in openldap package in Ubuntu:
  Expired

Bug description:
  openLDAP creates persistent connections into university LDAP- this is unwanted by university administrators.

  I have ldap.conf

  cat /etc/ldap.conf
  ###DEBCONF###
  ##
  ## Configuration of this file will be managed by debconf as long as the
  ## first line of the file says '###DEBCONF###'
  ##
  ## You should use dpkg-reconfigure to configure this file via debconf
  ##

  #
  # @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
  #
  # This is the configuration file for the LDAP nameservice
  # switch library and the LDAP PAM module.
  #
  # PADL Software
  # http://www.padl.com
  #

  # Your LDAP server. Must be resolvable without using LDAP.
  # Multiple \hosts may be specified, each separated by a
  # space. How long nss_ldap takes to failover depends on
  # whether your LDAP client library supports configurable
  # network or connect timeouts (see bind_timelimit).
  #host 127.0.0.1
  #host ldap.stuba.sk ldap2.stuba.sk
  host ldap.stuba.sk

  # The distinguished name of the search base.
  base ou=People,dc=stuba,dc=sk
  pam_template_login_attribute uid

  # Another way to specify your LDAP server is to provide an
  #uri ldapi://ldap.stuba.sk ldapi://ldap2.stuba.sk
  #uri ldaps://ldap.stuba.sk ldaps://ldap2.stuba.sk
  #TLS_REQCERT allow
  # Unix Domain Sockets to connect to a local LDAP Server.
  #uri ldap://127.0.0.1/
  #uri ldaps://127.0.0.1/
  #uri ldapi://%2fvar%2frun%2fldapi_sock/
  # Note: %2f encodes the '/' used as directory separator

  # The LDAP version to use (defaults to 3
  # if supported by client library)
  ldap_version 3
  REFERRALS off
  TIMEOUT 60
  NETWORK_TIMEOUT 60
  TIMELIMIT 60
  refferrals off
  timeout 60
  network_timeout 60
  timelimit 60
  persistent-search off

  # The distinguished name to bind to the server with.
  # Optional: default is to bind anonymously.
  #binddn uid=fodrek,ou=People,dc=stuba,dc=sk

  # The credentials to bind with.
  # Optional: default is no credential.
  #bindpw secret

  # The distinguished name to bind to the server with
  # if the effective user ID is root. Password is
  # stored in /etc/ldap.secret (mode 600)
  #rootbinddn cn=manager,dc=padl,dc=com

  # The port.
  # Optional: default is 389.
  #port 389

  # The search scope.
  #scope sub
  #scope one
  scope base

  # Search timelimit
  timelimit 1

  # Bind/connect timelimit
  bind_timelimit 12

  # Reconnect policy: hard (default) will retry connecting to
  # the software with exponential backoff, soft will fail
  # immediately.
  #bind_policy hard
  bind_policy soft

  # Idle timelimit; client will close connections
  # (nss_ldap only) if the server has not been contacted
  # for the number of seconds specified below.
  #idle_timelimit 3600
  idle_timelimit 60
  debug 99

  # Filter to AND with uid=%s
  #pam_filter objectclass=account
  #pam_filter objectclass=posixAccount

  # The user ID attribute (defaults to uid)
  pam_login_attribute uid

  # Search the root DSE for the password policy (works
  # with Netscape Directory Server)
  #pam_lookup_policy yes

  # Check the 'host' attribute for access control
  # Default is no; if set to yes, and user has no
  # value for the host attribute, and pam_ldap is
  # configured for account management (authorization)
  # then the user will not be allowed to login.
  pam_check_host_attr no

  # Check the 'authorizedService' attribute for access
  # control
  # Default is no; if set to yes, and the user has no
  # value for the authorizedService attribute, and
  # pam_ldap is configured for account management
  # (authorization) then the user will not be allowed
  # to login.
  #pam_check_service_attr yes

  # Group to enforce membership of
  #pam_groupdn ou=People,dc=stuba,dc=sk

  # Group member attribute
  #pam_member_attribute uniquemember
  #pam_member_attribute uid

  # Specify a minium or maximum UID number allowed
  #pam_min_uid 0
  #pam_max_uid 0

  # Template login attribute, default template user
  # (can be overriden by value of former attribute
  # in user's entry)
  #pam_login_attribute userPrincipalName
  #pam_template_login_attribute uid
  #pam_template_login nobody

  # HEADS UP: the pam_crypt, pam_nds_passwd,
  # and pam_ad_passwd options are no
  # longer supported.
  #
  # Do not hash the password at all; presume
  # the directory server will do it, if
  # necessary. This is the default.
  pam_password md5

  # Hash password locally; required for University of
  # Michigan LDAP
[Touch-packages] [Bug 1386194] Re: openLDAP creates persistent connections into university LDAP- this is unwanted by university administrators
Hi,

Thank you for reporting this and helping to make Ubuntu better.

Peter Fodrek wrote:
> cat /etc/ldap.conf

This is the configuration file for libnss-ldap, which is not part of OpenLDAP. If you need assistance with configuring libnss-ldap or libpam-ldap, I suggest contacting the support channels for that software, or asking on answers.ubuntu.com. You might also wish to try libnss-ldapd/libpam-ldapd and see whether they have the same problem.

If you are experiencing a bug in OpenLDAP, please try to provide more evidence of such; or if you are experiencing a bug (and are certain it's a bug, not a misconfiguration) in libnss-ldap, please reassign this to the appropriate package.

Thanks!

** Changed in: openldap (Ubuntu)
       Status: New => Incomplete

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1386194

Title:
  openLDAP creates persistent connections into university LDAP- this is unwanted by university administrators

Status in “openldap” package in Ubuntu:
  Incomplete