[Bug 1229713] Re: nslcd auto-configuration disregards existing nslcd.conf

Rafael David Tinoco rafael.tinoco at canonical.com
Fri Aug 29 12:43:48 UTC 2014


Subscribing sponsors team for this fix to get uploaded. Thank you.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1229713

Title:
  nslcd auto-configuration disregards existing nslcd.conf

Status in “nss-pam-ldapd” package in Ubuntu:
  Confirmed

Bug description:
  [Impact]

   * When nslcd is upgraded, the config and postinst scripts run and
     wrongly update /etc/nslcd.conf with values previously saved in the
     debconf database. This can result in broken nslcd.conf configurations
     after the upgrade (thus causing LDAP authentication, etc. to stop
     working)

  [Test Case]

   * Install older nslcd, configuring it with a bad uri at the debconf
     prompt.
   * Edit /etc/nslcd.conf directly to produce a working configuration.
   * Try to upgrade to a newer version of the package (but earlier than
     this fix) and then notice that the uri line in /etc/nslcd.conf is
     changed back to the saved debconf value, thus leaving a non-working
     configuration.

  [Regression Potential]

   * This is a cherry-pick from an upstream bzr fix (rev: #19).
   * It gives preference to values currently found in /etc/nslcd.conf
     over those saved in debconf in the event of an upgrade.
   * Tested by 2 different users and they said it works.

  [Other Info]

  * Original BUG description

  We have nslcd already installed, with /etc/nslcd.conf listing our LDAP
  servers. We also have an Active Directory server installed, which
  requires the DNS SRV entries to exist in order to function properly.
  Our Ubuntu servers do not use AD, however, and so when nslcd is
  upgraded, the config script runs:

  server=`host -N 2 -t SRV _ldap._tcp.$domain 2> /dev/null | grep -v NXDOMAIN | awk '{print $NF}' | head -1 | sed 's/\.$//'` || true

  ... finds Active Directory, and replaces the LDAP servers we have in
  /etc/nslcd.conf with the name of the first AD server it finds.  (I
  should note there are four listed, and it only adds the first one -
  this is probably a separate bug)

  This is unwelcome behaviour, forcing us to use --force-confold as a
  workaround.

  The guess_ldap_uri() function should only be called if /etc/nslcd.conf
  is not usable, to prevent it overwriting a valid configuration with
  an incorrectly guessed one.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: nslcd 0.8.4ubuntu0.2
  ProcVersionSignature: Ubuntu 3.2.0-53.81-generic-pae 3.2.50
  Uname: Linux 3.2.0-53-generic-pae i686
  ApportVersion: 2.0.1-0ubuntu17.4
  Architecture: i386
  Date: Tue Sep 24 14:07:45 2013
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
  MarkForUpload: True
  SourcePackage: nss-pam-ldapd
  UpgradeStatus: Upgraded to precise on 2012-04-30 (512 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1229713/+subscriptions
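
The precedence described in the bug (values already in /etc/nslcd.conf first, the saved debconf answer second, a DNS SRV guess only as a last resort) can be sketched as follows. This is an added example, not the upstream fix or the package's config script; the function names, the ldap:// prefix on guessed hosts and the sample data are assumptions.

```shell
#!/bin/sh
# Added illustration; not the nss-pam-ldapd maintainer scripts.
# conf_uris, srv_to_uris and choose_uri are hypothetical names.

# Print all URIs from "uri" lines of an nslcd.conf-style file, space-separated.
# Commented-out lines are skipped; a missing file yields no output.
conf_uris() {
    [ -r "$1" ] || return 0
    awk '$1 == "uri" { for (i = 2; i <= NF; i++) printf "%s%s", (n++ ? " " : ""), $i }
         END { if (n) print "" }' "$1"
}

# Convert `host -t SRV` output on stdin into ldap:// URIs, keeping every
# answer rather than only the first. Error lines such as NXDOMAIN are ignored.
srv_to_uris() {
    awk '/has SRV record/ { sub(/\.$/, "", $NF)
                            printf "%sldap://%s/", (n++ ? " " : ""), $NF }
         END { if (n) print "" }'
}

# Pick the URI value to keep on upgrade. Precedence:
#   1. what is already in the config file (the administrator's edits),
#   2. the answer saved in debconf,
#   3. a DNS SRV guess, used only when both of the above are empty.
# $1 = config file, $2 = saved debconf value, $3 = captured host(1) output
choose_uri() {
    uris=$(conf_uris "$1")
    [ -n "$uris" ] && { printf '%s\n' "$uris"; return 0; }
    [ -n "$2" ] && { printf '%s\n' "$2"; return 0; }
    printf '%s\n' "$3" | srv_to_uris
}

# Constructed sample data: a hand-edited config, a stale debconf answer, and
# SRV records published by an unrelated directory service.
sample_conf=$(mktemp)
printf '%s\n' '# edited by hand' \
    'uri ldap://ldap1.example.com/ ldap://ldap2.example.com/' \
    'base dc=example,dc=com' > "$sample_conf"
sample_srv='_ldap._tcp.example.com has SRV record 0 100 389 ad1.example.com.
_ldap._tcp.example.com has SRV record 0 100 389 ad2.example.com.'
choose_uri "$sample_conf" 'ldap://bad.example.com/' "$sample_srv"
rm -f "$sample_conf"
```

With the sample data the hand-edited URIs are kept, and the SRV answers are consulted only when neither the file nor debconf supplies a value.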


