[Bug 1350778] Re: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems

Arthur de Jong adejong at debian.org
Tue Aug 5 10:13:59 UTC 2014 

dpkg --compare-versions "" lt-nl "0.8" returns 1 (false) here (Debian
sid). Is this different on Ubuntu?

Debian wheezy has 0.8.10-4 which includes all the fixes mentioned above,
except for #717063. This release also includes all the changes currently
in the Ubuntu version (0.8.4ubuntu0.3).

There is also a 0.8.14-1 version available
(http://snapshot.debian.org/package/nss-pam-ldapd/0.8.14-1/) which
should be the most stable and well tested 0.8 version available.

Between 0.8.4 and 0.8.10-4 the biggest changes are:
* various logging improvements
* add ignorecase option
* I/O handling improvements (avoid broken pipes, use poll() instead of select(), etc.)
* pam_authz_search improvements
* various fixes to debconf configuration issues as described earlier
* various code improvements and small fixes

Between 0.8.10-4 and 0.8.14-1 the biggest changes are:
* add pam_password_prohibit_message option
* add sasl_canonicalize option
* a lot of small code fixes that were the result of testing tools

Diffstat between 0.8.4ubuntu0.3 and 0.8.10-4 (excluding documentation, test changes and other unrelated changes):
51 files changed, 743 insertions(+), 568 deletions(-)

Diffstat between 0.8.10-4 and 0.8.14-1 (same excludes):
57 files changed, 966 insertions(+), 818 deletions(-)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1350778

Title:
  Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users
  with unusable systems

Status in “nss-pam-ldapd” package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu release: 12.04.1

  Package version: 0.8.4ubuntu0.2 and 0.8.4ubuntu0.3

  We use ldap for user auth. Our /etc/nslcd.conf needed to be customised
  with certain tls and ssl options. Here's what the relevant parts
  looked like:

      # The location at which the LDAP server(s) should be reachable.
      uri ldaps://ldap.internal/
      # SSL options
      ssl yes
      # needed for internal ldap to connect
      tls_reqcert allow

  The security update in 0.8.4ubuntu0.3 was installed.

  What I expected to happen: The configuration should have been left as
  it was.

  What actually happened: the options ended up like this:

      # The location at which the LDAP server(s) should be reachable.
      uri ldaps://127.0.0.1/
      # SSL options
      ssl yes
      # needed for internal ldap to connect
      #tls_reqcert allow

  This left us unable to log in to any of our servers.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350778/+subscriptions

More information about the Ubuntu-sponsors mailing list