Control: tags -1 + pending

On Mon, 2014-06-09 at 00:59 +0530, Murukesh Mohanan wrote:
> So, what I am requesting is either a new debconf setting for nslcd to
> specify the CA cert file, or the generation of a line similar to the
> above one *if* start_tls is enabled.

The next upload to unstable will:
- add tls_cacertfile /etc/ssl/certs/ca-certificates.crt by
  default for new installations
- add a debconf prompt for tls_cacertfile that will be asked
  only when relevant (depending on answers to previous
  questions)

> As it stands, I replace the entire config file, which means, *all*
> other nslcd debconf selections are rendered useless to me.

This is correct, preseeding (and configuration guessing) only works on
initial install if there is no nslcd.conf yet. Once a configuration file
is present it takes precedence over debconf values.

> I figure that the precedent established by the shared setting for 
> libpam-ldapd, which is:
>    libpam-ldapd shared/ldapns/ldap-starttls boolean true
> suggests that autogeneration of a default value is the way to go,
> avoiding translation issues.

The shared/ldapns namespace is Ubuntu-specific and comes from the
ldap-auth-config package which is not used by nss-pam-ldapd.

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to