Public bug reported:

Here is a problem with setting up an "external" sasl auth parameter in
/etc/nslcd.conf with debconf and dpkg-reconfigure (see short session log
below).

Usually I use sasl_mech "external" configured in nslcd.conf and all is
fine, except for ongoing ubuntu/debian updates: every time a package is
updated, debconf reconfigures it to keep configuration settings
"correct" in a way a developer/maintainer of that package should know -
it always replaces "external" with "auto", and thus fails to connect to
slapd, since in my slapd config only external is allowed (it is a
requirement).

I was unable to find a place to report a bug in ubuntu repos (nslcd
belongs to universe, and is not a part of ubuntu), and if someone can
point out a good link, it would be very helpful to report the bug more
"officially".

The main problem is that I can use "external" sasl mech, but it is
unconditionally overwritten every update to "auto", which makes nslcd
disconnected from slapd, and requires handy intervention every time
(sorry, tired) to manually check /etc/nslcd.conf, and replace "auto" with
"external". :)

Here is a sequence of commands to show the effect of "external" mech
setting up. Please, take into account that setting /etc/nslcd.conf
manually with vi or emacs has the same result - after update (e.g.
debconf noninteractive reconfiguring) it always becomes "auto" instead
of required "external". Please Help!

# echo nslcd   nslcd/ldap-sasl-mech    select  external | debconf-set-selections

# debconf-show nslcd
* nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: false
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: SASL
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldapi:///
* nslcd/ldap-sasl-secprops:
  nslcd/ldap-binddn:
* nslcd/ldap-sasl-authcid:
* nslcd/ldap-sasl-mech: external
* nslcd/ldap-base: dc=local
* nslcd/ldap-sasl-authzid:

# dpkg-reconfigure -f noninteractive nslcd
 * Stopping LDAP connection daemon nslcd                                 [ OK ]
 * Starting LDAP connection daemon nslcd                                 [ OK ]

# debconf-show nslcd
* nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: false
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: SASL
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldapi:///
* nslcd/ldap-sasl-secprops:
  nslcd/ldap-binddn:
* nslcd/ldap-sasl-authcid:
* nslcd/ldap-sasl-mech: auto
* nslcd/ldap-base: dc=local
* nslcd/ldap-sasl-authzid:

# cat /etc/nslcd.conf 
uid 0
gid 0
ldap_version 3
sasl_mech auto
uri ldapi:///
rootpwmoddn cn=admin,dc=local
pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
base dc=local

** Affects: nss-pam-ldapd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1063923

Title:
  nslcd config and debconf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1063923/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
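
Added example (not part of the original report, and not code from the nss-pam-ldapd package): a shell check that flags the drift described in the report by comparing the sasl_mech value in an nslcd.conf-style file with the required mechanism, and by reading the stored answer out of debconf-show output. The function names, the case-insensitive comparison and the sample files are assumptions of this example; the samples are constructed from the session log in the report.

```shell
#!/bin/sh
# Added example: flag sasl_mech drift after a package (re)configuration.

# Print every sasl_mech value set in an nslcd.conf-style file ($1), lowercased.
# Commented-out lines never match because their first field is not "sasl_mech".
sasl_mech_values() {
    awk '$1 == "sasl_mech" { print tolower($2) }' "$1"
}

# Read `debconf-show nslcd` output on stdin; print the stored mechanism.
debconf_sasl_mech() {
    sed -n 's|^[* ] nslcd/ldap-sasl-mech: *||p' | tr 'A-Z' 'a-z'
}

# check_sasl_mech CONF REQUIRED
# Prints "OK <mech>", "MISSING" or "DRIFT <value>"; returns 0 only for OK.
check_sasl_mech() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    found=$(sasl_mech_values "$1")
    [ -n "$found" ] || { echo "MISSING"; return 1; }
    for v in $found; do
        [ "$v" = "$want" ] || { echo "DRIFT $v"; return 1; }
    done
    echo "OK $want"
}

# Constructed samples modelled on the session log in the report.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'uid 0\ngid 0\nsasl_mech external\nuri ldapi:///\n' > "$demo_dir/before.conf"
printf 'uid 0\ngid 0\n#sasl_mech external\nsasl_mech auto\nuri ldapi:///\n' > "$demo_dir/after.conf"
printf '* nslcd/ldap-auth-type: SASL\n* nslcd/ldap-sasl-mech: auto\n' > "$demo_dir/debconf.txt"

for f in before after; do
    printf '%s.conf: %s\n' "$f" "$(check_sasl_mech "$demo_dir/$f.conf" external)"
done
printf 'debconf: %s\n' "$(debconf_sasl_mech < "$demo_dir/debconf.txt")"
```

On a real host the same functions can be pointed at /etc/nslcd.conf and at the output of debconf-show nslcd after each upgrade, so the change is noticed before nslcd loses its connection to slapd.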