Bug#717918: Bug#717917: RM: libnss-ldap -- RoQA; orphaned, RC buggy, alternatives exist
Hi, what's the status of libpam-ldap removal? Should we process this or close the bug? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#717918: Bug#717917: RM: libnss-ldap -- RoQA; orphaned, RC buggy, alternatives exist
On Wed, 2013-11-06 at 12:09 +0100, Luca Falavigna wrote: what's the status of libpam-ldap removal? Should we process this or close the bug? I'm still planning to upload a new version soonish (but not picking up permanent maintainership). Some work is already in collab-maint: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/libpam-ldap/trunk/ An annoying RC bug is #706185 (which is basically the same as #706182 for libnss-ldap). While the bug is RC, it shouldn't affect too many users. Anyway, I think libpam-ldap still has a few features that libpam-ldapd doesn't have (mostly password modification functionality). Can't promise a timeline for uploading a new libpam-ldap though. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#717917: RM: libnss-ldap -- RoQA; orphaned, RC buggy, alternatives exist
On Fri, 2013-07-26 at 10:26 -0400, Barry deFreese wrote: Please see the following reasons for the removal request: * Orphaned. * RC buggy. * Alternatives exist (libnss-ldapd, sssd). Hi, I'm the maintainer (and upstream) of nss-pam-ldapd. Since libnss-ldap and libpam-ldap are related, I'll comment in one email. While I think nss-pam-ldapd is in general a good replacement for libnss-ldap and libpam-ldap in most environments there are a few differences that remain: - nss-pam-ldapd only got support for nested groups in the 0.9 series which is still under development - LDAP password policy is only supported in the 0.9 series - I'm not sure how well it integrates with nss_updatedb and libpam-ccreds - the PAM implementation only supports BIND authentication - password change only supports the LDAP password modify EXOP operation (for most other differences there should be equivalent functionality in nss-pam-ldapd) (I can't comment on sssd because I don't have enough first-hand experience with it) Also, judging by the popcon numbers: http://qa.debian.org/popcon-png.php?packages=nslcd%20libnss-ldapd%20libpam-ldapd%20libnss-ldap%20libpam-ldap%20libnss-sss%20libpam-how_installed=onwant_legend=on the older implementations are still more popular than the alternatives. In short, I think there is some value in keeping libnss-ldap and libpam-ldap in Debian. The packages could be in better shape though and deserve a new maintainer (#699114 and #699116). Thanks, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#717917: RM: libnss-ldap -- RoQA; orphaned, RC buggy, alternatives exist
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/27/2013 8:48 AM, Arthur de Jong wrote: On Fri, 2013-07-26 at 10:26 -0400, Barry deFreese wrote: Please see the following reasons for the removal request: * Orphaned. * RC buggy. * Alternatives exist (libnss-ldapd, sssd). Hi, I'm the maintainer (and upstream) of nss-pam-ldapd. Since libnss-ldap and libpam-ldap are related, I'll comment in one email. While I think nss-pam-ldapd is in general a good replacement for libnss-ldap and libpam-ldap in most environments there are a few differences that remain: - nss-pam-ldapd only got support for nested groups in the 0.9 series which is still under development - LDAP password policy is only supported in the 0.9 series - I'm not sure how well it integrates with nss_updatedb and libpam-ccreds - the PAM implementation only supports BIND authentication - password change only supports the LDAP password modify EXOP operation (for most other differences there should be equivalent functionality in nss-pam-ldapd) (I can't comment on sssd because I don't have enough first-hand experience with it) Also, judging by the popcon numbers: http://qa.debian.org/popcon-png.php?packages=nslcd%20libnss-ldapd%20libpam-ldapd%20libnss-ldap%20libpam-ldap%20libnss-sss%20libpam-how_installed=onwant_legend=on the older implementations are still more popular than the alternatives. In short, I think there is some value in keeping libnss-ldap and libpam-ldap in Debian. The packages could be in better shape though and deserve a new maintainer (#699114 and #699116). Thanks, Arthur, I have been working on these for a couple of weeks. I even spent the time updating to the latest upstreams and fixing up the packaging. However, the consensus seems to be to just get rid of them since no one seems to care for them. Libnss-ldap has been broken for at least 2 releases. I am also concerned about the high popcon, however, so far I have been unsuccessful in actually finding a user that actually uses it that could do any real testing for me.. I am not particularly familiar with ldap myself. Thanks, - -- Barry deFreese Sometimes helper, sometimes hinderer to: Debian Games, QA, GNU/Hurd -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHzy24ACgkQ5ItltUs5T37qAACg3bISN3LFSyIp0ON/2IUceJsl dAcAnRlACr965Y7rCyyGXhDpeX4Il69X =BA3n -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#717917: RM: libnss-ldap -- RoQA; orphaned, RC buggy, alternatives exist
On Sat, 2013-07-27 at 09:30 -0400, Barry deFreese wrote: I have been working on these for a couple of weeks. I even spent the time updating to the latest upstreams and fixing up the packaging. Do you have this in a VCS somewhere? I'd be happy to contribute. However, the consensus seems to be to just get rid of them since no one seems to care for them. Libnss-ldap has been broken for at least 2 releases. I'm not convinced the packages are so broken they're unusable for most users. Another situation in which libpam-ldap is still useful: with nss-pam-ldapd the LDAP servers configured are the same for NSS and PAM while pam_ldap can also be provided with a config parameter that would allow LDAP authentication against a different LDAP server per authentication service. I am also concerned about the high popcon, however, so far I have been unsuccessful in actually finding a user that actually uses it that could do any real testing for me.. I am not particularly familiar with ldap myself. As I'm the maintainer of nss-pam-ldapd I can test the packages in my test environment but I don't use it anywhere in production. Perhaps someone from Ubuntu is also interested in helping out. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#717917: RM: libnss-ldap -- RoQA; orphaned, RC buggy, alternatives exist
Package: ftp.debian.org Severity: normal Hello, Please see the following reasons for the removal request: * Orphaned. * RC buggy. * Alternatives exist (libnss-ldapd, sssd). Thank you, -- Barry deFreese Sometimes helper, sometimes hinderer to: Debian Games, QA, GNU/Hurd -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org