[Bug 1000205] Re: Upgrade from 10.04 to 12.04 server breaks configuration of nslcd

Brian Murray brian at ubuntu.com
Wed Jul 18 20:01:14 UTC 2012 

I've uploaded the debdiff to precise-proposed and it is now awaiting
approval from a member of the SRU team.

** Changed in: nss-pam-ldapd (Ubuntu Precise)
       Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1000205

Title:
  Upgrade from 10.04 to 12.04 server breaks configuration of nslcd

Status in “nss-pam-ldapd” package in Ubuntu:
  Fix Released
Status in “nss-pam-ldapd” source package in Precise:
  Fix Committed
Status in “nss-pam-ldapd” package in Debian:
  Fix Released

Bug description:
  [IMPACT]

  This bug affects people who use a mix of debconf and manual
  configuration of the nslcd.conf file or possibly people who are
  upgrading from an earlier release that does not include the
  ldap-auth-type debconf configuration setting (there could be more
  cases).

  This breaks LDAP authentication on upgrades quietly removing LDAP users
  from the system and will break it again if the package is
  upgraded/reinstalled.

  [TESTCASE]

  The easiest way to trigger the underlying bug is to use debconf to
  configure no authentication, then change the config by hand with the
  binddn and bindpw options and then reinstall or upgrade.

  apt-get purge nslcd
  apt-get install libnss-ldapd nslcd
  [with debconf choose no authentication]
  [edit /etc/nslcd.conf and set binddn and bindpw]
  [restart nslcd and verify that getent passwd returns LDAP users]
  apt-get --reinstall install nslcd

  You need an LDAP server to test this obviously.

  [Regression Potential]

  This fix was in Debian unstable (#670133, fixed in 0.8.8-1) and has not
  seen any regressions so far. The change could have an affect for debconf
  preseeding which is quite complex to do right.

  Preconfiguring nslcd is much simpler when pre-installing an nslcd.conf
  file (which will be preserved on installation) although debconf
  preseeding should work for most configurations.

  * Original Description *

  Doing a do-release-upgrade from 10.04 server to 12.04 server breaks
  the configuration in /etc/nslcd.conf. Custom modifications are
  partially commented out, at least the directive bindpw is commented
  out which leaves nslcd non functioning after the release upgrade.

  There was no question regarding overwriting the manually modified
  configuration file nor was the original one saved. Using ldap for
  authentication (e.g. in the pam stack and / or for nsswitch) this
  breaks the login process.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1000205/+subscriptions

More information about the Ubuntu-sponsors mailing list