[Bug 1229713] Re: nslcd auto-configuration disregards existing nslcd.conf
Robie Basak
1229713 at bugs.launchpad.net
Thu Sep 25 14:02:18 UTC 2014
Looks fine on review. Uploaded, thanks. It looks to me that bug 1350778
is a duplicate. I'll comment in that bug.
** Also affects: nss-pam-ldapd (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: nss-pam-ldapd (Ubuntu Precise)
Status: New => In Progress
** Changed in: nss-pam-ldapd (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1229713
Title:
nslcd auto-configuration disregards existing nslcd.conf
Status in “nss-pam-ldapd” package in Ubuntu:
Fix Released
Status in “nss-pam-ldapd” source package in Precise:
In Progress
Bug description:
[Impact]
* When nslcd is upgraded, the config and postinst scripts run and
wrongly update /etc/nslcd.conf with values previously saved in the
debconf database. This can result in broken nslcd.conf configurations
after the upgrade (thus causing LDAP authentication, etc. to stop
working)
[Test Case]
* Install older nslcd, configuring it with a bad uri at the debconf
prompt.
* edit the /etc/nslcd.conf directly to produce a working configuration.
* Try to upgrade to a newer version of the package (but earlier than
this fix) and then notice that the uri line /etc/nslcd.conf is
changed back to the saved debconf value, thus leaving a non-working
configuration.
[Regression Potential]
* this is a cherry-pick from an upstream bzr fix (rev: #19).
* it gives preference to values currently found in /etc/nslcd.conf
over those saved in debconf in the event of an upgrade.
* tested by 2 different users and they said it works.
[Other Info]
* Original BUG description
We have nslcd already installed, with /etc/nslcd.conf listing our LDAP
servers. We also have an Active Directory server installed, which
servers the DNS SRV entries to exist in order to function properly.
Our Ubuntu servers do not use AD, however, and so when nslcd is
upgraded, the config script runs:
server=`host -N 2 -t SRV _ldap._tcp.$domain 2> /dev/null | grep -v
NXDOMAIN | awk '{print $NF}' | head -1 | sed 's/\.$//'` || true
... finds Active Directory, and replaces the LDAP servers we have in
/etc/nslcd.conf with the name of the first AD server it finds. (I
should note there are four listed, and it only adds the first one -
this is probably a separate bug)
This is unwelcome behaviour, forcing us to use --force-confold as a
workaround.
The guess_ldap_uri() function should only be called if /etc/nslcd.conf
is not usable, to prevent it overwriting valid configuration with
incorrectly guessed ones.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nslcd 0.8.4ubuntu0.2
ProcVersionSignature: Ubuntu 3.2.0-53.81-generic-pae 3.2.50
Uname: Linux 3.2.0-53-generic-pae i686
ApportVersion: 2.0.1-0ubuntu17.4
Architecture: i386
Date: Tue Sep 24 14:07:45 2013
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release i386 (20101007)
MarkForUpload: True
SourcePackage: nss-pam-ldapd
UpgradeStatus: Upgraded to precise on 2012-04-30 (512 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1229713/+subscriptions
More information about the Ubuntu-sponsors
mailing list