Please find, for review, the debconf templates and packages descriptions for the nss-pam-ldapd source package.
This review will last from Friday, May 17, 2013 to Monday, May 27, 2013. Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated. Your review should be sent as an answer to this mail. When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag. When we will reach a consensus, I send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag. Finally, a summary will be sent to the review bug report, and a mail will be sent to this list with "[BTS]" as a subject tag. Rationale: --- nss-pam-ldapd.old/debian/nslcd.templates 2013-05-08 08:51:53.605684558 +0200 +++ nss-pam-ldapd/debian/nslcd.templates 2013-05-17 09:34:08.402586898 +0200 @@ -32,19 +32,19 @@ Template: nslcd/ldap-binddn Type: string _Description: LDAP database user: - Enter the name of the account that will be used to log in to the LDAP + Please enter the name of the account that will be used to log in to the LDAP database. This value should be specified as a DN (distinguished name). I standardized many templates with "Please enter".... @@ -53,27 +53,27 @@ * NTLM: NT LAN Manager authentication mechanism; * CRAM-MD5: challenge-response scheme based on HMAC-MD5; * DIGEST-MD5: HTTP Digest compatible challenge-response scheme; - * SCRAM: a salted challenge-response mechanism; + * SCRAM: salted challenge-response mechanism; * GSSAPI: used for Kerberos; - * SKEY: an S/KEY mechanism (obsoleted by OTP); - * OTP: a One Time Password mechanism; + * SKEY: S/KEY mechanism (obsoleted by OTP); + * OTP: One Time Password mechanism; * EXTERNAL: authentication is implicit in the context. Drop "a" and "an" Template: nslcd/ldap-sasl-realm Type: string _Description: SASL realm: - Enter the SASL realm that will be used to authenticate to the LDAP + Please enter the SASL realm that will be used to authenticate to the LDAP database. . The realm is appended to authentication and authorization identities. . - For GSSAPI this can be left blank to use information from the Kerberos - credential cache. + For GSSAPI, this can be left blank to use information from the Kerberos + credentials cache. Adding comma @@ -90,7 +90,8 @@ Template: nslcd/ldap-sasl-secprops Type: string _Description: Cyrus SASL security properties: - Enter the Cyrus SASL security properties. + Please enter the Cyrus SASL security properties. + . Allowed values are described in the ldap.conf(5) manual page in the SASL OPTIONS section. Split in two paragraphs for readability. @@ -98,7 +99,7 @@ Type: string Default: /var/run/nslcd/nslcd.tkt _Description: Kerberos credential cache file path: - Enter the GSSAPI/Kerberos credential cache file name that will be used. + Please enter the GSSAPI/Kerberos credential cache file name that will be used. Template: nslcd/ldap-starttls Type: boolean @@ -118,7 +119,7 @@ * allow: a certificate will be requested, but it is not required or checked; * try: a certificate will be requested and checked, but if no - certificate is provided it is ignored; + certificate is provided, it is ignored; * demand: a certificate will be requested, required, and checked. . If certificate checking is enabled, at least one of the tls_cacertdir or Needed comma --- nss-pam-ldapd.old/debian/libnss-ldapd.templates 2013-05-08 08:51:53.605684558 +0200 +++ nss-pam-ldapd/debian/libnss-ldapd.templates 2013-05-17 09:34:59.883957287 +0200 @@ -2,7 +2,7 @@ Type: multiselect Choices: aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services, shadow _Description: Name services to configure: - For this package to work, you need to modify your /etc/nsswitch.conf to use + For this package to work, you need to modify the /etc/nsswitch.conf file to use the ldap datasource. . You can select the services that should have LDAP lookups enabled. The Unpersonnalize. --- nss-pam-ldapd.old/debian/control 2013-05-13 06:53:50.894745034 +0200 +++ nss-pam-ldapd/debian/control 2013-05-17 09:37:53.676583489 +0200 @@ -17,12 +17,10 @@ Suggests: kstart Replaces: libnss-ldapd (<< 0.7.0) Breaks: libnss-ldapd (<< 0.7.0) -Description: Daemon for NSS and PAM lookups using LDAP - This package provides a daemon for retrieving user account, and other - system information from LDAP. - . - It is used by the libnss-ldapd and libpam-ldapd packages but by itself is - not very useful. +Description: daemon for NSS and PAM lookups using LDAP + This package provides a daemon for retrieving user accounts and similar + system information from LDAP. It is used by the libnss-ldapd and + libpam-ldapd packages but is not very useful by itself. Remove leading capital in synopsis as per developer's reference The daemon can retrive more than one user account, so I think plural forms is better here. Package: libnss-ldapd Architecture: any @@ -32,10 +30,10 @@ Conflicts: libnss-ldap Provides: libnss-ldap Description: NSS module for using LDAP as a naming service - This package provides a Name Service Switch module that allows your LDAP + This package provides a Name Service Switch module that allows using an LDAP server to provide user account, group, host name, alias, netgroup, and - basically any other information that you would normally get from /etc flat - files or NIS. + basically any other information that you would normally be retrieved + from /etc flat files or NIS. unpersonnalize and therefore turn into "allows using" Package: libpam-ldapd Architecture: any @@ -45,27 +43,23 @@ Conflicts: libpam-ldap Provides: libpam-ldap Description: PAM module for using LDAP as an authentication service - This package provides a Pluggable Authentication Module that allows + This package provides a Pluggable Authentication Module that provides user authentication, authorisation and password management based on credentials stored in an LDAP server. Let's avoid the "allows" nightmare..:-) Package: pynslcd -Description: Daemon for NSS and PAM lookups using LDAP (Python implementation) - This package provides a daemon for retrieving user account, and other - system information from LDAP. - . - It is used by the libnss-ldapd and libpam-ldapd packages but by itself - is not very useful. This is an alternative to the nslcd package but - implemented in Python. +Description: daemon for NSS and PAM lookups via LDAP - Python version + This package provides a daemon for retrieving user account and similar + system information from LDAP. It is used by the libnss-ldapd and + libpam-ldapd packages but is not very useful by itself. . - Note that pynslcd is currently EXPERIMENTAL and has not undergone the - same testing that nslcd has. + This is an alternative Python implementation of nslcd. Note that it is + currently EXPERIMENTAL and has not undergone the same testing as nslcd. Package: nslcd-utils -Description: Utilities for querying LDAP via nslcd - These programmes provide for means to query and update information in - LDAP via nslcd. - . - getent.ldap - perform LDAP lookups bypassing nsswitch configuration - chsh.ldap - change a user's shell in LDAP +Description: utilities for querying LDAP via nslcd + This package provides tools to query and update information in LDAP + via nslcd: + * chsh.ldap - change a user's shell in LDAP; + * getent.ldap - perform LDAP lookups bypassing nsswitch configuration. Some of these changes are those propsoed by Justin, IIRC..:-) --
Template: nslcd/ldap-uris Type: string _Description: LDAP server URI: Please enter the Uniform Resource Identifier of the LDAP server. The format is "ldap://<hostname_or_IP_address>:<port>/". Alternatively, "ldaps://" or "ldapi://" can be used. The port number is optional. . When using an ldap or ldaps scheme it is recommended to use an IP address to avoid failures when domain name services are unavailable. . Multiple URIs can be separated by spaces. Template: nslcd/ldap-base Type: string _Description: LDAP server search base: Please enter the distinguished name of the LDAP search base. Many sites use the components of their domain names for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base. Template: nslcd/ldap-auth-type Type: select __Choices: none, simple, SASL _Description: LDAP authentication to use: Please choose what type of authentication the LDAP database should require (if any): . * none: no authentication; * simple: simple bind DN and password authentication; * SASL: any Simple Authentication and Security Layer mechanism. Template: nslcd/ldap-binddn Type: string _Description: LDAP database user: Please enter the name of the account that will be used to log in to the LDAP database. This value should be specified as a DN (distinguished name). Template: nslcd/ldap-bindpw Type: password _Description: LDAP user password: Please enter the password that will be used to log in to the LDAP database. Template: nslcd/ldap-sasl-mech Type: select Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, SCRAM, GSSAPI, SKEY, OTP, EXTERNAL _Description: SASL mechanism to use: Please choose the SASL mechanism that will be used to authenticate to the LDAP database: . * auto: auto-negotiation; * LOGIN: deprecated in favor of PLAIN; * PLAIN: simple cleartext password mechanism; * NTLM: NT LAN Manager authentication mechanism; * CRAM-MD5: challenge-response scheme based on HMAC-MD5; * DIGEST-MD5: HTTP Digest compatible challenge-response scheme; * SCRAM: salted challenge-response mechanism; * GSSAPI: used for Kerberos; * SKEY: S/KEY mechanism (obsoleted by OTP); * OTP: One Time Password mechanism; * EXTERNAL: authentication is implicit in the context. Template: nslcd/ldap-sasl-realm Type: string _Description: SASL realm: Please enter the SASL realm that will be used to authenticate to the LDAP database. . The realm is appended to authentication and authorization identities. . For GSSAPI, this can be left blank to use information from the Kerberos credentials cache. Template: nslcd/ldap-sasl-authcid Type: string _Description: SASL authentication identity: Please enter the SASL authentication identity that will be used to authenticate to the LDAP database. . This is the login used in LOGIN, PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms. Template: nslcd/ldap-sasl-authzid Type: string _Description: SASL proxy authorization identity: Please enter the proxy authorization identity that will be used to authenticate to the LDAP database. . This is the object in the name of which the LDAP request is done. This value should be specified as a DN (distinguished name). Template: nslcd/ldap-sasl-secprops Type: string _Description: Cyrus SASL security properties: Please enter the Cyrus SASL security properties. . Allowed values are described in the ldap.conf(5) manual page in the SASL OPTIONS section. Template: nslcd/ldap-sasl-krb5-ccname Type: string Default: /var/run/nslcd/nslcd.tkt _Description: Kerberos credential cache file path: Please enter the GSSAPI/Kerberos credential cache file name that will be used. Template: nslcd/ldap-starttls Type: boolean _Description: Use StartTLS? Please choose whether the connection to the LDAP server should use StartTLS to encrypt the connection. Template: nslcd/ldap-reqcert Type: select __Choices: never, allow, try, demand _Description: Check server's SSL certificate: When an encrypted connection is used, a server certificate can be requested and checked. Please choose whether lookups should be configured to require a certificate, and whether certificates should be checked for validity: . * never: no certificate will be requested or checked; * allow: a certificate will be requested, but it is not required or checked; * try: a certificate will be requested and checked, but if no certificate is provided, it is ignored; * demand: a certificate will be requested, required, and checked. . If certificate checking is enabled, at least one of the tls_cacertdir or tls_cacertfile options must be put in /etc/nslcd.conf.
Template: libnss-ldapd/nsswitch Type: multiselect Choices: aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services, shadow _Description: Name services to configure: For this package to work, you need to modify the /etc/nsswitch.conf file to use the ldap datasource. . You can select the services that should have LDAP lookups enabled. The new LDAP lookups will be added as the last datasource. Be sure to review these changes. Template: libnss-ldapd/clean_nsswitch Type: boolean Default: false _Description: Remove LDAP from nsswitch.conf now? The following services are still configured to use LDAP for lookups: ${services} but the libnss-ldapd package is about to be removed. . You are advised to remove the entries if you don't plan on using LDAP for name resolution any more. Not removing ldap from nsswitch.conf should, for most services, not cause problems, but host name resolution could be affected in subtle ways. . You can edit /etc/nsswitch.conf by hand or choose to remove the entries automatically now. Be sure to review the changes to /etc/nsswitch.conf if you choose to remove the entries now.
--- nss-pam-ldapd.old/debian/nslcd.templates 2013-05-08 08:51:53.605684558 +0200 +++ nss-pam-ldapd/debian/nslcd.templates 2013-05-17 09:34:08.402586898 +0200 @@ -32,19 +32,19 @@ Template: nslcd/ldap-binddn Type: string _Description: LDAP database user: - Enter the name of the account that will be used to log in to the LDAP + Please enter the name of the account that will be used to log in to the LDAP database. This value should be specified as a DN (distinguished name). Template: nslcd/ldap-bindpw Type: password _Description: LDAP user password: - Enter the password that will be used to log in to the LDAP database. + Please enter the password that will be used to log in to the LDAP database. Template: nslcd/ldap-sasl-mech Type: select Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, SCRAM, GSSAPI, SKEY, OTP, EXTERNAL _Description: SASL mechanism to use: - Choose the SASL mechanism that will be used to authenticate to the LDAP + Please choose the SASL mechanism that will be used to authenticate to the LDAP database: . * auto: auto-negotiation; @@ -53,27 +53,27 @@ * NTLM: NT LAN Manager authentication mechanism; * CRAM-MD5: challenge-response scheme based on HMAC-MD5; * DIGEST-MD5: HTTP Digest compatible challenge-response scheme; - * SCRAM: a salted challenge-response mechanism; + * SCRAM: salted challenge-response mechanism; * GSSAPI: used for Kerberos; - * SKEY: an S/KEY mechanism (obsoleted by OTP); - * OTP: a One Time Password mechanism; + * SKEY: S/KEY mechanism (obsoleted by OTP); + * OTP: One Time Password mechanism; * EXTERNAL: authentication is implicit in the context. Template: nslcd/ldap-sasl-realm Type: string _Description: SASL realm: - Enter the SASL realm that will be used to authenticate to the LDAP + Please enter the SASL realm that will be used to authenticate to the LDAP database. . The realm is appended to authentication and authorization identities. . - For GSSAPI this can be left blank to use information from the Kerberos - credential cache. + For GSSAPI, this can be left blank to use information from the Kerberos + credentials cache. Template: nslcd/ldap-sasl-authcid Type: string _Description: SASL authentication identity: - Enter the SASL authentication identity that will be used to authenticate to + Please enter the SASL authentication identity that will be used to authenticate to the LDAP database. . This is the login used in LOGIN, PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms. @@ -81,7 +81,7 @@ Template: nslcd/ldap-sasl-authzid Type: string _Description: SASL proxy authorization identity: - Enter the proxy authorization identity that will be used to authenticate to + Please enter the proxy authorization identity that will be used to authenticate to the LDAP database. . This is the object in the name of which the LDAP request is done. @@ -90,7 +90,8 @@ Template: nslcd/ldap-sasl-secprops Type: string _Description: Cyrus SASL security properties: - Enter the Cyrus SASL security properties. + Please enter the Cyrus SASL security properties. + . Allowed values are described in the ldap.conf(5) manual page in the SASL OPTIONS section. @@ -98,7 +99,7 @@ Type: string Default: /var/run/nslcd/nslcd.tkt _Description: Kerberos credential cache file path: - Enter the GSSAPI/Kerberos credential cache file name that will be used. + Please enter the GSSAPI/Kerberos credential cache file name that will be used. Template: nslcd/ldap-starttls Type: boolean @@ -118,7 +119,7 @@ * allow: a certificate will be requested, but it is not required or checked; * try: a certificate will be requested and checked, but if no - certificate is provided it is ignored; + certificate is provided, it is ignored; * demand: a certificate will be requested, required, and checked. . If certificate checking is enabled, at least one of the tls_cacertdir or --- nss-pam-ldapd.old/debian/libnss-ldapd.templates 2013-05-08 08:51:53.605684558 +0200 +++ nss-pam-ldapd/debian/libnss-ldapd.templates 2013-05-17 09:34:59.883957287 +0200 @@ -2,7 +2,7 @@ Type: multiselect Choices: aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services, shadow _Description: Name services to configure: - For this package to work, you need to modify your /etc/nsswitch.conf to use + For this package to work, you need to modify the /etc/nsswitch.conf file to use the ldap datasource. . You can select the services that should have LDAP lookups enabled. The --- nss-pam-ldapd.old/debian/control 2013-05-13 06:53:50.894745034 +0200 +++ nss-pam-ldapd/debian/control 2013-05-17 09:37:53.676583489 +0200 @@ -17,12 +17,10 @@ Suggests: kstart Replaces: libnss-ldapd (<< 0.7.0) Breaks: libnss-ldapd (<< 0.7.0) -Description: Daemon for NSS and PAM lookups using LDAP - This package provides a daemon for retrieving user account, and other - system information from LDAP. - . - It is used by the libnss-ldapd and libpam-ldapd packages but by itself is - not very useful. +Description: daemon for NSS and PAM lookups using LDAP + This package provides a daemon for retrieving user accounts and similar + system information from LDAP. It is used by the libnss-ldapd and + libpam-ldapd packages but is not very useful by itself. Package: libnss-ldapd Architecture: any @@ -32,10 +30,10 @@ Conflicts: libnss-ldap Provides: libnss-ldap Description: NSS module for using LDAP as a naming service - This package provides a Name Service Switch module that allows your LDAP + This package provides a Name Service Switch module that allows using an LDAP server to provide user account, group, host name, alias, netgroup, and - basically any other information that you would normally get from /etc flat - files or NIS. + basically any other information that you would normally be retrieved + from /etc flat files or NIS. Package: libpam-ldapd Architecture: any @@ -45,27 +43,23 @@ Conflicts: libpam-ldap Provides: libpam-ldap Description: PAM module for using LDAP as an authentication service - This package provides a Pluggable Authentication Module that allows + This package provides a Pluggable Authentication Module that provides user authentication, authorisation and password management based on credentials stored in an LDAP server. Package: pynslcd -Description: Daemon for NSS and PAM lookups using LDAP (Python implementation) - This package provides a daemon for retrieving user account, and other - system information from LDAP. - . - It is used by the libnss-ldapd and libpam-ldapd packages but by itself - is not very useful. This is an alternative to the nslcd package but - implemented in Python. +Description: daemon for NSS and PAM lookups via LDAP - Python version + This package provides a daemon for retrieving user account and similar + system information from LDAP. It is used by the libnss-ldapd and + libpam-ldapd packages but is not very useful by itself. . - Note that pynslcd is currently EXPERIMENTAL and has not undergone the - same testing that nslcd has. + This is an alternative Python implementation of nslcd. Note that it is + currently EXPERIMENTAL and has not undergone the same testing as nslcd. Package: nslcd-utils -Description: Utilities for querying LDAP via nslcd - These programmes provide for means to query and update information in - LDAP via nslcd. - . - getent.ldap - perform LDAP lookups bypassing nsswitch configuration - chsh.ldap - change a user's shell in LDAP +Description: utilities for querying LDAP via nslcd + This package provides tools to query and update information in LDAP + via nslcd: + * chsh.ldap - change a user's shell in LDAP; + * getent.ldap - perform LDAP lookups bypassing nsswitch configuration.
Source: nss-pam-ldapd Section: admin Priority: extra Maintainer: Arthur de Jong <adej...@debian.org> Uploaders: Richard A Nelson (Rick) <cow...@debian.org> Standards-Version: 3.9.4 Build-Depends: debhelper (>=9), libkrb5-dev, libldap2-dev, libsasl2-dev, po-debconf (>= 0.5.0), docbook2x, docbook-xml, libpam0g-dev Homepage: http://arthurdejong.org/nss-pam-ldapd/ Vcs-Svn: http://arthurdejong.org/svn/nss-pam-ldapd/debian/nss-pam-ldapd/trunk/ Vcs-Browser: http://arthurdejong.org/viewvc/nss-pam-ldapd/debian/nss-pam-ldapd/trunk/ Package: nslcd Architecture: any Multi-Arch: foreign Depends: ${misc:Depends}, ${shlibs:Depends}, adduser Recommends: nscd, libnss-ldapd | libnss-ldap, libpam-ldapd | libpam-ldap | libpam-krb5 | libpam-heimdal | libpam-sss, ldap-utils, bind9-host | host Suggests: kstart Replaces: libnss-ldapd (<< 0.7.0) Breaks: libnss-ldapd (<< 0.7.0) Description: daemon for NSS and PAM lookups using LDAP This package provides a daemon for retrieving user accounts and similar system information from LDAP. It is used by the libnss-ldapd and libpam-ldapd packages but is not very useful by itself. Package: libnss-ldapd Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends}, nslcd (>= 0.7.0) Conflicts: libnss-ldap Provides: libnss-ldap Description: NSS module for using LDAP as a naming service This package provides a Name Service Switch module that allows using an LDAP server to provide user account, group, host name, alias, netgroup, and basically any other information that you would normally be retrieved from /etc flat files or NIS. Package: libpam-ldapd Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends}, nslcd, libpam-runtime (>= 1.0.1-6), libpam0g (>= 1.1.3-2) Conflicts: libpam-ldap Provides: libpam-ldap Description: PAM module for using LDAP as an authentication service This package provides a Pluggable Authentication Module that provides user authentication, authorisation and password management based on credentials stored in an LDAP server. Package: pynslcd Description: daemon for NSS and PAM lookups via LDAP - Python version This package provides a daemon for retrieving user account and similar system information from LDAP. It is used by the libnss-ldapd and libpam-ldapd packages but is not very useful by itself. . This is an alternative Python implementation of nslcd. Note that it is currently EXPERIMENTAL and has not undergone the same testing as nslcd. Package: nslcd-utils Description: utilities for querying LDAP via nslcd This package provides tools to query and update information in LDAP via nslcd: * chsh.ldap - change a user's shell in LDAP; * getent.ldap - perform LDAP lookups bypassing nsswitch configuration.
signature.asc
Description: Digital signature