Your message dated Thu, 30 Dec 2010 22:17:11 +0000
with message-id <[email protected]>
and subject line Bug#607640: fixed in nss-pam-ldapd 0.8.0
has caused the Debian Bug report #607640,
regarding nslcd: Allow tilde (~) in group names and user names
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
607640: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607640
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nslcd
Version: 0.7.13
Severity: wishlist
Tags: patch
Hi,
nslcd refuses to return group names which contain a tilde. It does this on
the basis that it's not part of the portable filename character set:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_276
I would argue that it's not really nslcd's job to validate what's in the
directory and that it's up to the user to decide whether he cares about
the portability of his user/group names.
You have already added exceptions by allowing "$" and I would like to ask
you to add another exception for "~".
But you should probably revisit the problem as a whole.
Good programming principles is to be tolerant in what you read but be
strict in what you send. By that I mean that it's not really nslcd's job
to impose supplementary restrictions that are not needed. Or at least
those restrictions should be configurable so that they can be disabled.
For your information, the diff I used to fix the problem that a customer
of mine encountered is here:
https://launchpad.net/~hertzog/+archive/freexian-bugfixes/+files/nss-pam-ldapd_0.7.2-1.diff.gz
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150,
'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: nss-pam-ldapd
Source-Version: 0.8.0
We believe that the bug you reported is fixed in the latest version of
nss-pam-ldapd, which is due to be installed in the Debian FTP archive:
libnss-ldapd_0.8.0_i386.deb
to main/n/nss-pam-ldapd/libnss-ldapd_0.8.0_i386.deb
libpam-ldapd_0.8.0_i386.deb
to main/n/nss-pam-ldapd/libpam-ldapd_0.8.0_i386.deb
nslcd_0.8.0_i386.deb
to main/n/nss-pam-ldapd/nslcd_0.8.0_i386.deb
nss-pam-ldapd_0.8.0.dsc
to main/n/nss-pam-ldapd/nss-pam-ldapd_0.8.0.dsc
nss-pam-ldapd_0.8.0.tar.gz
to main/n/nss-pam-ldapd/nss-pam-ldapd_0.8.0.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arthur de Jong <[email protected]> (supplier of updated nss-pam-ldapd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 30 Dec 2010 20:00:00 +0100
Source: nss-pam-ldapd
Binary: nslcd libnss-ldapd libpam-ldapd
Architecture: source i386
Version: 0.8.0
Distribution: experimental
Urgency: low
Maintainer: Arthur de Jong <[email protected]>
Changed-By: Arthur de Jong <[email protected]>
Description:
libnss-ldapd - NSS module for using LDAP as a naming service
libpam-ldapd - PAM module for using LDAP as an authentication service
nslcd - Daemon for NSS and PAM lookups using LDAP
Closes: 586532 604147 607640
Changes:
nss-pam-ldapd (0.8.0) experimental; urgency=low
.
* include Solaris support developed by Ted C. Cheng of Symas Corporation
* include an experimental partial implementation of nslcd in Python
(disabled by default, see --enable-pynslcd configure option)
* implement a nss_min_uid option to filter user entries returned by LDAP
* implement a rootpwmodpw option that allows the root user to change a
user's password without a password prompt
* try to update the shadowLastChange attribute on password change
* all log messages now include a description of the request to more easily
track problems when not running in debug mode
* allow attribute mapping expressions for the userPassword attribute for
passwd, group and shadow entries and by default map it to the unmatchable
password ("*") to avoid accidentally leaking password information
* numerous compatibility improvements
* add --with-pam-seclib-dir and --with-pam-ldap-soname configure options to
allow more control of hot to install the PAM module
* add --with-nss-flavour and --with-nss-maps configure options to support
other C libraries and limit which NSS modules to install
* allow tilde (~) in user and group names (closes: #607640)
* improvements to the timeout mechanism (connections are now actively timed
out using the idle_timelimit option)
* set socket timeouts on the LDAP connection to disconnect regardless of
LDAP and possibly TLS handling of connection
* better disconnect/reconnect handling of error conditions
* some code improvements and cleanups and several smaller bug fixes
* all internal string comparisons are now also case sensitive (e.g. for
providing DN to username lookups, etc)
* signal handling in the daemon was changed to behave more reliable across
different threading implementations
* nslcd will now always return a positive authorisation result during
authentication to avoid confusing the PAM module when it is only used for
authorisation (closes: #604147)
* implement configuring SASL authentication using Debconf, based on a patch
by Daniel Dehennin (closes: #586532) (not called for translations yet
because the English text is likely to change)
Checksums-Sha1:
32d648abf5dd47cadfbfe89f6c3c3c01bb06050d 1102 nss-pam-ldapd_0.8.0.dsc
324bd8a15708e54dde9426c9d3474f59a36e18a7 522812 nss-pam-ldapd_0.8.0.tar.gz
95620f2de2decc288f0beabaa7f563bcf048dde6 127242 nslcd_0.8.0_i386.deb
8854a9ba463895252eaf7db95fb785ab46fc1e20 44448 libnss-ldapd_0.8.0_i386.deb
b6fafe0374109672a0f54d5e4b7e921e5f2d8cb5 37742 libpam-ldapd_0.8.0_i386.deb
Checksums-Sha256:
60004dddbfa272246abcaeb490ea64025618fb56fb6a2f58219c9b89ba537915 1102
nss-pam-ldapd_0.8.0.dsc
7a175ab9e2137fa4fba9a2beb01f6e74d6dc080e0ef91ff6b2236ecfb442a6a6 522812
nss-pam-ldapd_0.8.0.tar.gz
3426b1df42f6a44eeae07426f2ceef5524e01247cca649cec676f931e4ec0e60 127242
nslcd_0.8.0_i386.deb
be9da0576355e51004d3d5adbbe5202110be8cd938754541498f47a723c7c8af 44448
libnss-ldapd_0.8.0_i386.deb
c5750449f5b2a9f6f197f81e001bd8235d25f57d7f8a439789481e276c34b83b 37742
libpam-ldapd_0.8.0_i386.deb
Files:
73d50bdd5eb65362827ad32219d0a319 1102 admin extra nss-pam-ldapd_0.8.0.dsc
8efa3a4f77983d3dd054cc5e455b7234 522812 admin extra nss-pam-ldapd_0.8.0.tar.gz
b6df1926f353f7921ba74dd6f3a85f5c 127242 admin extra nslcd_0.8.0_i386.deb
d4c92cbdc45e51bea3a53b0b52d7a0ea 44448 admin extra libnss-ldapd_0.8.0_i386.deb
5977360c66c386e5ce3ba33d1a70add4 37742 admin extra libpam-ldapd_0.8.0_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk0c+e0ACgkQVYan35+NCKdyWgCfTjVlZsxeQhRBAZ5OHbIxsxOY
XekAnR6ipcYKCzZ112GqZFnY85mZUFof
=S5bP
-----END PGP SIGNATURE-----
--- End Message ---
