** Description changed:
[Impact]
- * When nslcd is upgraded, the config script runs and wrongly updates
- /etc/nslcd.conf with the name of the first AD server it finds. this
- should not happen.
+ * When nslcd is upgraded, the config and postinst scripts run and
+ wrongly update /etc/nslcd.conf with values previously saved in the
+ debconf database. This can result in broken nslcd.conf configurations
+ after the upgrade (thus causing LDAP authentication, etc. to stop
+ working)
[Test Case]
- * Install older nslcd and configure its /etc/nslcd.conf.
- * Try to upgrade to a newer version (up to this fix) and
- check /etc/nslcd.conf was changed during the package
- upgrade.
+ * Install older nslcd, configuring it with a bad uri at the debconf
+ prompt.
+ * edit the /etc/nslcd.conf directly to produce a working configuration.
+ * Try to upgrade to a newer version of the package (but earlier than
+ this fix) and then notice that the uri line /etc/nslcd.conf is
+ changed back to the saved debconf value, thus leaving a non-working
+ configuration.
[Regression Potential]
- * this is a cherry-pick from an upstream bzr fix (rev: #19).
- * it ignores already configured debconf values on the event
- of an upgrade.
- * tested by 2 different users and they said it works.
+ * this is a cherry-pick from an upstream bzr fix (rev: #19).
+ * it gives preference to values currently found in /etc/nslcd.conf
+ over those saved in debconf in the event of an upgrade.
+ * tested by 2 different users and they said it works.
[Other Info]
* Original BUG description
We have nslcd already installed, with /etc/nslcd.conf listing our LDAP
servers. We also have an Active Directory server installed, which
servers the DNS SRV entries to exist in order to function properly. Our
Ubuntu servers do not use AD, however, and so when nslcd is upgraded,
the config script runs:
server=`host -N 2 -t SRV _ldap._tcp.$domain 2> /dev/null | grep -v
NXDOMAIN | awk '{print $NF}' | head -1 | sed 's/\.$//'` || true
... finds Active Directory, and replaces the LDAP servers we have in
/etc/nslcd.conf with the name of the first AD server it finds. (I
should note there are four listed, and it only adds the first one - this
is probably a separate bug)
This is unwelcome behaviour, forcing us to use --force-confold as a
workaround.
The guess_ldap_uri() function should only be called if /etc/nslcd.conf
is not usable, to prevent it overwriting valid configuration with
incorrectly guessed ones.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nslcd 0.8.4ubuntu0.2
ProcVersionSignature: Ubuntu 3.2.0-53.81-generic-pae 3.2.50
Uname: Linux 3.2.0-53-generic-pae i686
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: i386
Date: Tue Sep 24 14:07:45 2013
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MarkForUpload: True
SourcePackage: nss-pam-ldapd
UpgradeStatus: Upgraded to precise on 2012-04-30 (512 days ago)
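Review bot: the revised [Test Case] ('+' lines) stops at reproducing the breakage with a package "earlier than this fix" and gives no step or expected result for the fixed package; add a final step that upgrades to the fixed version and confirms the uri line in /etc/nslcd.conf still holds the hand-edited value. In the same text, "the uri line /etc/nslcd.conf" is missing "in", and the new [Impact] sentence ends without a period after the closing parenthesis.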
https://bugs.launchpad.net/bugs/1229713
Title:
nslcd auto-configuration disregards existing nslcd.conf
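The precedence this report describes (values in /etc/nslcd.conf win over the answer saved in debconf, and a guess is used only when the file is not usable), sketched as an added shell example; it is not the package's config or postinst script. The function names and the rule "usable means at least one active uri line" are assumptions, and the guessed value is passed in as an argument instead of being looked up in DNS.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the nss-pam-ldapd maintainer scripts.

# Print every uri value found in an nslcd.conf-style file, space-separated.
# Fails when the file is unreadable or has no active (uncommented) uri line.
read_cfg_uris() {
    [ -r "$1" ] || return 1
    uris=$(awk '$1 == "uri" { for (i = 2; i <= NF; i++) { printf "%s%s", sep, $i; sep = " " } }' "$1")
    [ -n "$uris" ] && printf '%s\n' "$uris"
}

# Choose the uri to keep on upgrade, printing "<source> <value>".
# $1 = config file, $2 = answer saved in debconf, $3 = guess from the SRV lookup
# Order: admin-edited file first, then the saved answer, then the guess.
choose_uri() {
    if existing=$(read_cfg_uris "$1"); then
        printf 'config %s\n' "$existing"
    elif [ -n "$2" ]; then
        printf 'debconf %s\n' "$2"
    elif [ -n "$3" ]; then
        printf 'guessed %s\n' "$3"
    else
        return 1
    fi
}

# Constructed sample: a hand-edited config, a stale debconf answer, an AD guess.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nslcd.conf" <<'EOF'
# hand-edited after install
uid nslcd
uri ldap://ldap1.example.net/ ldap://ldap2.example.net/
base dc=example,dc=net
EOF
choose_uri "$demo_dir/nslcd.conf" "ldap://typo.example.net/" "ldap://ad1.example.net/"
rm -rf "$demo_dir"
```

A non-zero return from `choose_uri` means no source produced a value, which is the point at which prompting the administrator is appropriate.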