Hi Etienne, thanks for reporting this bug and please accept my apologies for not replying earlier.

On Mon, Sep 17, 2007 at 11:18:07AM -0400, Etienne Goyer wrote:
> As per debian/rules, the configure script gets passed:
>
> --with-ldap-conf-file=/etc/ldap/ldap.conf \

This is currently /etc/sudo-ldap.conf.

> This is clearly wrong, as README.LDAP states:
>
> Configure your /etc/ldap.conf
> =============================
> The /etc/ldap.conf file is meant to be shared between sudo,
> pam_ldap, nss_ldap and other ldap applications and modules.

I have adapted the documentation to now read:

|Configure your /etc/sudo-ldap.conf and /etc/nsswitch.conf
|=========================================================
|The Debian package sudo-ldap uses /etc/sudo-ldap.conf as configuration file
|and is configured to use nsswitch.

That way we have at least the package and the docs in sync.

> In Debian, configuration files of nss_ldap and pam_ldap are
> /etc/libnss-ldap.conf and /etc/pam_ldap.conf, respectively.
> /etc/ldap/ldap.conf is used by OpenLDAP client utilities, such as
> ldapsearch, ldapadd, etc, and uses a different format than the
> pam_ldap/nss_ldap config files. Thus, it makes no sense to use
> /etc/ldap/ldap.conf for the LDAP configuration of sudo.

This is probably the reason for the change to /etc/sudo-ldap.conf.

> 1. Best: sudo-ldap uses its own configuration file, just like libnss-ldap
> and libpam-ldap. A patch for doing so has been submitted in #430826,
> although I think it really should be /etc/sudo-ldap.conf instead of
> /etc/ldap/sudo-ldap.conf.

That's what was done in the past.

> It may be interesting to note that Ubuntu is moving away from the Debian
> way of having two separate configuration files for libnss-ldap and
> libpam-ldap toward a single /etc/ldap.conf for both. This is more in
> line with the way upstream (and other Linux distributions) is doing it,
> and would make the choice of filename in option 2 moot.

If you suggest other changes done to Debian's sudo(-ldap) package post-bullseye, I would kindly ask you to file a new bug report and I promise that the maintainer team will handle the issue in a timely manner. I am afraid, though, that the documentation changes done to finally solve this ancient issue here will be the only thing that we will be able to get in place for bullseye - no functional changes this late.

Thank you very much.

Greetings
Marc