[Bug 1000205] Re: Upgrade from 10.04 to 12.04 server breaks configuration of nslcd

Brian Murray brian at ubuntu.com
Wed Jul 18 19:27:52 UTC 2012 

This is presumably fixed in quantal as it has version 0.8.10 in it.

** Also affects: nss-pam-ldapd (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: nss-pam-ldapd (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: nss-pam-ldapd (Ubuntu Precise)
       Status: New => Triaged

** Changed in: nss-pam-ldapd (Ubuntu Precise)
   Importance: Undecided => High

** Description changed:

+ [IMPACT]
+ 
+ This bug affects people who use a mix of debconf and manual
+ configuration of the nslcd.conf file or possibly people who are
+ upgrading from an earlier release that does not include the
+ ldap-auth-type debconf configuration setting (there could be more
+ cases).
+ 
+ This breaks LDAP authentication on upgrades quietly removing LDAP users
+ from the system and will break it again if the package is
+ upgraded/reinstalled.
+ 
+ [TESTCASE]
+ 
+ The easiest way to trigger the underlying bug is to use debconf to
+ configure no authentication, then change the config by hand with the
+ binddn and bindpw options and then reinstall or upgrade.
+ 
+ apt-get purge nslcd
+ apt-get install libnss-ldapd nslcd
+ [with debconf choose no authentication]
+ [edit /etc/nslcd.conf and set binddn and bindpw]
+ [restart nslcd and verify that getent passwd returns LDAP users]
+ apt-get --reinstall install nslcd
+ 
+ You need an LDAP server to test this obviously.
+ 
+ [Regression Potential]
+ 
+ This fix was in Debian unstable (#670133, fixed in 0.8.8-1) and has not
+ seen any regressions so far. The change could have an affect for debconf
+ preseeding which is quite complex to do right.
+ 
+ Preconfiguring nslcd is much simpler when pre-installing an nslcd.conf
+ file (which will be preserved on installation) although debconf
+ preseeding should work for most configurations.
+ 
+ * Original Description *
+ 
  Doing a do-release-upgrade from 10.04 server to 12.04 server breaks the
  configuration in /etc/nslcd.conf. Custom modifications are partially
  commented out, at least the directive bindpw is commented out which
  leaves nslcd non functioning after the release upgrade.
  
  There was no question regarding overwriting the manually modified
  configuration file nor was the original one saved. Using ldap for
  authentication (e.g. in the pam stack and / or for nsswitch) this breaks
  the login process.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1000205

Title:
  Upgrade from 10.04 to 12.04 server breaks configuration of nslcd

Status in “nss-pam-ldapd” package in Ubuntu:
  Fix Released
Status in “nss-pam-ldapd” source package in Precise:
  Triaged
Status in “nss-pam-ldapd” package in Debian:
  Fix Released

Bug description:
  [IMPACT]

  This bug affects people who use a mix of debconf and manual
  configuration of the nslcd.conf file or possibly people who are
  upgrading from an earlier release that does not include the
  ldap-auth-type debconf configuration setting (there could be more
  cases).

  This breaks LDAP authentication on upgrades quietly removing LDAP users
  from the system and will break it again if the package is
  upgraded/reinstalled.

  [TESTCASE]

  The easiest way to trigger the underlying bug is to use debconf to
  configure no authentication, then change the config by hand with the
  binddn and bindpw options and then reinstall or upgrade.

  apt-get purge nslcd
  apt-get install libnss-ldapd nslcd
  [with debconf choose no authentication]
  [edit /etc/nslcd.conf and set binddn and bindpw]
  [restart nslcd and verify that getent passwd returns LDAP users]
  apt-get --reinstall install nslcd

  You need an LDAP server to test this obviously.

  [Regression Potential]

  This fix was in Debian unstable (#670133, fixed in 0.8.8-1) and has not
  seen any regressions so far. The change could have an affect for debconf
  preseeding which is quite complex to do right.

  Preconfiguring nslcd is much simpler when pre-installing an nslcd.conf
  file (which will be preserved on installation) although debconf
  preseeding should work for most configurations.

  * Original Description *

  Doing a do-release-upgrade from 10.04 server to 12.04 server breaks
  the configuration in /etc/nslcd.conf. Custom modifications are
  partially commented out, at least the directive bindpw is commented
  out which leaves nslcd non functioning after the release upgrade.

  There was no question regarding overwriting the manually modified
  configuration file nor was the original one saved. Using ldap for
  authentication (e.g. in the pam stack and / or for nsswitch) this
  breaks the login process.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1000205/+subscriptions

More information about the Ubuntu-sponsors mailing list