[Bug 1350778] Re: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems

Mike Heald 1350778 at bugs.launchpad.net
Tue Aug 5 09:18:22 UTC 2014 

> On my system dpkg --compare-versions "" lt-nl "0.8" is false so it
would seem the code is also not run on fresh installs

It does run on fresh installs. You're getting confused between a 0
return code, which means the command succeeded and the condition passes,
and false. In most other languages, 0 would be false, but not in a bash
script, where a 0 return code means it succeeded :)

Good point about dpkg-reconfigure. I'll work on a debdiff with the
patches you listed.

Out of interest, how much work do you think it would be to upgrade the
package to the latest 0.8 release? We have another couple of years left
with precise as a supported release, and I'd like to keep this package
as close to upstream as possible. Should the 0.8 branch apply pretty
cleanly?

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1350778

Title:
  Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users
  with unusable systems

Status in “nss-pam-ldapd” package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu release: 12.04.1

  Package version: 0.8.4ubuntu0.2 and 0.8.4ubuntu0.3

  We use ldap for user auth. Our /etc/nslcd.conf needed to be customised
  with certain tls and ssl options. Here's what the relevant parts
  looked like:

      # The location at which the LDAP server(s) should be reachable.
      uri ldaps://ldap.internal/
      # SSL options
      ssl yes
      # needed for internal ldap to connect
      tls_reqcert allow

  The security update in 0.8.4ubuntu0.3 was installed.

  What I expected to happen: The configuration should have been left as
  it was.

  What actually happened: the options ended up like this:

      # The location at which the LDAP server(s) should be reachable.
      uri ldaps://127.0.0.1/
      # SSL options
      ssl yes
      # needed for internal ldap to connect
      #tls_reqcert allow

  This left us unable to log in to any of our servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350778/+subscriptions

More information about the Ubuntu-sponsors mailing list