[Bug 334374] Re: libnss-ldap should not depend on libpam-ldap

Daniel Richard G. skunk at iskunk.org
Fri Apr 26 18:17:33 UTC 2013 

Robie, thanks for commenting.

Note that the ldap-auth-config package does not preclude alternate forms
of managing /etc/ldap.conf. It won't touch an existing config file, nor
complain if the one it creates is modified. Also, while this package
does not exist in Debian, the file is still created when libnss-ldap or
libpam-ldap is installed---there is no expectation that the user will
create this file (let alone *know* to create this particular file) from
scratch.

The reason why I think a hard dependency is warranted is that if you
install libnss-ldap without libpam-ldap, not only are you left with no
config file for the former (i.e. /etc/ldap.conf), you could easily be
misled into thinking that /etc/ldap/ldap.conf (from the libldap package)
is relevant---especially as "man ldap.conf" refers to the latter. This
is the scenario I encountered, and IMO it made clear why weakening the
dependency on ldap-auth-config was the wrong way to go.

(Bug 1016592, and this one, would still be addressed by weakening the
ldap-auth-config -> ldap-auth-client dependency instead.)

As far as Debian is concerned, I would strongly advocate for having
ldap-auth-config (and perhaps ldap-auth-client and friends) paralleled
there. Right now, you have duplicate logic in the libnss-ldap and
libpam-ldap package postinst scripts; Ubuntu's approach essentially
factors that out into a separate package. The only change I would make
is downgrade the ldap-auth-config -> ldap-auth-client dependency to a
Suggests (or nothing), to eliminate the cycle in the dependency graph.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/334374

Title:
  libnss-ldap should not depend on libpam-ldap

Status in “ldap-auth-client” package in Ubuntu:
  New
Status in “libnss-ldap” package in Ubuntu:
  Fix Released
Status in “libnss-ldap” package in Kairos Linux:
  Confirmed

Bug description:
  Binary package hint: libnss-ldap

  I use LDAP to manage users and groups and Kerberos for
  authentification

  thus, I need libnss-ldap and libpam-krb5, but NOT libpam-ldap

  also note https://bugs.launchpad.net/bugs/306054 (which has auth-
  client-config as starting poing)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ldap-auth-client/+bug/334374/+subscriptions

More information about the foundations-bugs mailing list