nslcd config and debconf
[Date Prev][Date Next] [Thread Prev][Thread Next]nslcd config and debconf
- From: Василий Молостов <molostoff [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nslcd config and debconf
- Date: Mon, 8 Oct 2012 20:43:32 +0400
Here is a problem with setting up an "external" sasl auth parameter in /etc/nslcd.conf with debconf and dpkg-reconfigure (see short session log below).
Usually I use sasl_mech "external" configured in nslcd.conf and all is fine, except ongoing ubuntu/debian updates, every time a package is updated a debconf reconfigures it to keep configuration settings "correct" in a way a developer/maintainer of that package should know - it always remove "external" with "auto", and thus fails to connect to slapd, since in my slapd config only external is allowed (it is a requirement).
Usually I use sasl_mech "external" configured in nslcd.conf and all is fine, except ongoing ubuntu/debian updates, every time a package is updated a debconf reconfigures it to keep configuration settings "correct" in a way a developer/maintainer of that package should know - it always remove "external" with "auto", and thus fails to connect to slapd, since in my slapd config only external is allowed (it is a requirement).
I was unable to find a place to report a bug in ubuntu repos (nslcd belongs to universe, and not a part of ubuntu), and if some can point out a good link, it wold be very helpful to report bug more "officially".
The main problem is that I can use "external" sasl mech, but it is unconditionally overwriten every update to the "auto", which makes nslcd disconnected from slapd, and require handy intervention every time (sorry, tired) to manually check /etc/nslcd.conf, and remove "auto" with "external". :)
Here is a sequence of commands to show the effect of "external" mech setting up. Please, take into account that setting /etc/nslcd.conf manually with vi or emacs has the same result - after update (e.g. debconf noninteractive reconfiguring) it always becomes "auto" instead of required "external". Please Help!
# echo nslcd nslcd/ldap-sasl-mech select external | debconf-set-selections
# debconf-show nslcd
* nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: false
nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: SASL
nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldapi:///
* nslcd/ldap-sasl-secprops:
nslcd/ldap-binddn:
* nslcd/ldap-sasl-authcid:
* nslcd/ldap-sasl-mech: external
* nslcd/ldap-base: dc=local
* nslcd/ldap-sasl-authzid:
# dpkg-reconfigure -f noninteractive nslcd
* Stopping LDAP connection daemon nslcd [ OK ]
* Starting LDAP connection daemon nslcd [ OK ]
# debconf-show nslcd
* nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: false
nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: SASL
nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldapi:///
* nslcd/ldap-sasl-secprops:
nslcd/ldap-binddn:
* nslcd/ldap-sasl-authcid:
* nslcd/ldap-sasl-mech: auto
* nslcd/ldap-base: dc=local
* nslcd/ldap-sasl-authzid:
# cat /etc/nslcd.conf
uid 0
gid 0
ldap_version 3
sasl_mech auto
uri ldapi:///
rootpwmoddn cn=admin,dc=local
pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
base dc=local
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see http://lists.arthurdejong.org/nss-pam-ldapd-users/
- nslcd config and debconf, Василий Молостов
- Re: nslcd config and debconf,
Arthur de Jong
- Re: nslcd config and debconf,
Vasiliy Molostov
- Re: nslcd config and debconf,
Arthur de Jong
- Re: nslcd config and debconf, Vasiliy Molostov
- Re: nslcd config and debconf,
Arthur de Jong
- Re: nslcd config and debconf,
Vasiliy Molostov
- Prev by Date: Re: nslcd and ubuntu 10.04
- Next by Date: Re: nslcd config and debconf
- Previous by thread: Re: nslcd and ubuntu 10.04
- Next by thread: Re: nslcd config and debconf