Package: libpam-ldap
Version: N/A
Severity: normal
Tags: patch

Dear Debian maintainer,

On Friday, May 15, 2009, I notified you of the beginning of a review process concerning debconf templates for libpam-ldap.

The debian-l10n-english contributors have now reviewed these templates, and the proposed changes are attached to this bug report.

Please review the suggested changes, and if you have any objections, let me know in the next 3 days.

However, please try to avoid uploading libpam-ldap with these changes right now.

The second phase of this process will begin on Friday, June 05, 2009, when I will coordinate updates to translations of debconf templates.

The existing translators will be notified of the changes: they will receive an updated PO file for their language.

Simultaneously, a general call for new translations will be sent to the debian-i18n mailing list.

Both these calls for translations will request updates to be sent as individual bug reports. That will probably trigger a lot of bug reports against your package, but these should be easier to deal with.

The call for translation updates and new translations will run until about Friday, June 26, 2009. Please avoid uploading a package with fixed or changed debconf templates and/or translation updates in the meantime. Of course, other changes are safe.

Please note that this is an approximative delay, which depends on my own availability to process this work and is influenced by the fact that I simultaneously work on many packages.

Around Saturday, June 27, 2009, I will contact you again and will send a final patch summarizing all the updates (changes to debconf templates, updates to debconf translations and new debconf translations).

Again, thanks for your attention and cooperation.

-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

--- libpam-ldap.old/debian/templates 2009-02-14 12:19:34.483870281 +0100 +++ libpam-ldap/debian/templates 2009-06-02 08:45:23.466305326 +0200 
@@ -1,37 +1,50 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-engl...@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + Template: libpam-ldap/rootbinddn Type: string Default: cn=manager,dc=example,dc=net -_Description: LDAP account for root: - This account will be used when root changes a password. +_Description: LDAP administrative account: + Please enter the name of the LDAP administrative account. . - Note: This account has to be a privileged account. + This account will be used automatically for database management, so + it will be granted the appropriate privileges. Template: libpam-ldap/rootbindpw Type: password -_Description: LDAP root account password: - Please enter the password to use when ${package} tries to - login to the LDAP directory using the LDAP account for root. - . - The password will be stored in a separate file ${filename} - which will be made readable to root only. +#flag:comment:3 +# Translators: do not translate "${filename}" +_Description: LDAP administrative password: + Please enter the password of the administrative account. + . + The password will be stored in the file ${filename}. + This will be made readable to root only, and will allow ${package} + to carry out automatic database management logins. . - Entering an empty password will re-use the old password. + If this field is left empty, the previously stored password will + be re-used. Template: libpam-ldap/dblogin Type: boolean Default: false _Description: Does the LDAP database require login? - Choose this option if you can't retrieve entries from - the database without logging in. + Please choose whether the LDAP server should enforce a login before + retrieving entries. . - Note: Under a normal setup, this is not needed. + Such a setup is not usually needed. 
Template: shared/ldapns/base-dn Type: string Default: dc=example,dc=net _Description: Distinguished name of the search base: - Please enter the distinguished name of the LDAP search base. Many sites - use the components of their domain names for this purpose. For example, + Please enter the distinguished name of the LDAP search base. Many sites + use the components of their domain names for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base. 
@@ -39,81 +52,75 @@ Type: select __Choices: clear, crypt, nds, ad, exop, md5 Default: crypt -_Description: Local crypt to use when changing passwords. - The PAM module can set the password crypt locally when changing the - passwords, this is usually a good choice. By setting this to something - else than clear you are making sure that the password gets crypted in some - way. - . - The meanings for selections are: - . - clear - Don't set any encryptions, this is useful with servers that - automatically encrypt userPassword entry. - . - crypt - (Default) make userPassword use the same format as the flat - filesystem. this will work for most configurations - . - nds - Use Novell Directory Services-style updating, first remove the old - password and then update with cleartext password. - . - ad - Active Directory-style. Create Unicode password and update unicodePwd - attribute - . - exop - Use the OpenLDAP password change extended operation to update the - password. +_Description: Local encryption algorithm to use for passwords: + The PAM module can encrypt the password locally when changing it, + which is recommended: + * clear: no encryption. This should be chosen when LDAP servers + automatically encrypt the userPassword entry; + * crypt: make userPassword use the same format as the flat + local password database. If in doubt, you should choose this option; + * nds: use Novell Directory Services-style updating. The old + password is first removed, then updated; + * ad: Active Directory-style. This creates a Unicode password and + updates the unicodePwd attribute; + * exop: use the OpenLDAP password change extended operation to update the + password. Template: shared/ldapns/ldap_version Type: select Choices: 3, 2 Default: 3 _Description: LDAP version to use: - Please enter which version of the LDAP protocol should be used by - ldapns. It is usually a good idea to set this to the highest - available version number. 
+ Please choose the version of the LDAP protocol that should be used by + ldapns. Using the highest available version number is recommended. Template: libpam-ldap/binddn Type: string Default: cn=proxyuser,dc=example,dc=net -_Description: Unprivileged database user: - Please enter the name of the account that will be used to log in to the LDAP - database. - . - Warning: DO NOT use privileged accounts for logging in, the configuration - file has to be world readable. +_Description: LDAP login user account: + Please enter the name of the LDAP account that should be used for + non-administrative (read-only) database logins. + . + It is highly recommended to use an unprivileged account, because + the configuration file that contains the account name and password + must be world-readable. Template: libpam-ldap/dbrootlogin Type: boolean Default: true -_Description: Make local root Database admin. - This option will allow you to make password utilities that use pam, to - behave like you would be changing local passwords. +_Description: Allow LDAP admin account to behave like local root? + This option will allow password utilities that use PAM to + change local passwords. . - The password will be stored in a separate file which will be made + The LDAP admin account password will be stored in a separate file which will be made readable to root only. . - If you are using NFS mounted /etc or any other custom setup, you should - disable this. + If /etc is mounted by NFS, this option should be disabled. Template: shared/ldapns/ldap-server Type: string Default: ldapi:/// -_Description: LDAP server Uniform Resource Identifier: - Please enter the URI of the LDAP server used. This is a string in the - form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also - be used. The port number is optional. +_Description: LDAP server URI: + Please enter the Uniform Resource Identifier of the LDAP server. + The format is 'ldap://<hostname_or_IP>:<port>/'. 
Alternatively, + 'ldaps://' or 'ldapi://' can be used. The port number is optional. . - Note: It is usually a good idea to use an IP address; this reduces risks - of failure in the event name service is unavailable. + Using an IP address is recommended to avoid failures when + domain name services are unavailable. Template: libpam-ldap/bindpw Type: password -_Description: Password for database login account: - Please enter the password that will be used to log in to the LDAP database. +_Description: Password for LDAP login user: + Please enter the password for the nonadministrative LDAP login account. Template: libpam-ldap/override Type: boolean Default: true -_Description: Make debconf change your config? - libpam-ldap has been moved to use debconf for its configuration. Should - the settings in debconf be applied to the configuration? Package - upgrades will use your answer here going forward. +_Description: Manage libpam-ldap configuration automatically? + The libpam-ldap package configuration may be managed automatically + using answers to questions asked during the configuration process. + The resulting configuration file may overwrite local changes. + . + If you do not choose this option, no further questions will be asked + and the configuration will need to be done manually. +
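
Review bot: In libpam-ldap/rootbinddn (first hunk), "so it will be granted the appropriate privileges" reads as if the package grants privileges to the account, whereas the removed line stated a precondition: "This account has to be a privileged account." Suggest wording that keeps the requirement, such as "so it must have the appropriate privileges". The same kind of shift appears in libpam-ldap/dblogin, where "whether the LDAP server should enforce a login" turns a question about how the server already behaves (the title still asks "Does the LDAP database require login?") into one about what it ought to do. In libpam-ldap/rootbindpw, the translator comment protects only "${filename}" although the description also contains ${package}.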
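
Review bot: In libpam-ldap/dbrootlogin (second hunk), "allow password utilities that use PAM to change local passwords" changes the meaning of the removed text, which said the utilities would "behave like you would be changing local passwords". The new title ("Allow LDAP admin account to behave like local root?") keeps the original sense, so the body should match it, for example "to change LDAP passwords as if they were local passwords". In the select template at the top of the hunk, the nds entry no longer says that the update is made "with cleartext password", which is the detail an administrator needs when choosing it, and the __Choices line offers md5 while the list never describes it. Two smaller points: libpam-ldap/bindpw spells "nonadministrative" where libpam-ldap/binddn uses "non-administrative", and the dbrootlogin NFS sentence drops the removed "or any other custom setup" case.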