On Mon, 2010-12-06 at 23:59 +0800, David Adam wrote:
> This bit us on trial upgrades to Squeeze, and as this has not yet been 
> fixed I would strongly recommend a section in the release notes on 
> "Possible issues during upgrade" or "Issues to be aware of for squeeze", 
> perhaps along the following lines:

Attached is a patch for the release notes on this. I've used David's
text as a basis.

I've been thinking about encouraging more users to switch to
libnss-ldapd. It solves quite a few of the problems in libnss-ldap and
is also better maintained. However, since I'm both the Debian maintainer
and upstream I'm a bit biased.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
Index: en/release-notes.dbk
===================================================================
--- en/release-notes.dbk	(revision 7891)
+++ en/release-notes.dbk	(working copy)
@@ -390,6 +390,14 @@
     <glossdef><para>Serial Advanced Technology Attachment</para></glossdef>
   </glossentry>
   <glossentry>
+    <glossterm>SSL</glossterm>
+    <glossdef><para>Secure Sockets Layer</para></glossdef>
+  </glossentry>
+  <glossentry>
+    <glossterm>TLS</glossterm>
+    <glossdef><para>Transport Layer Security</para></glossdef>
+  </glossentry>
+  <glossentry>
     <glossterm>USB</glossterm>
     <glossdef><para>Universal Serial Bus</para></glossdef>
   </glossentry>
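
Review bot: the glossary gains only SSL and TLS here (between SATA and USB), while the section added to en/issues.dbk in the same patch also marks up LDAP as an acronym and refers to NSS. If those two are not already defined elsewhere in the glossary, add entries for them in this change so every acronym the new section uses is covered.
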
Index: en/issues.dbk
===================================================================
--- en/issues.dbk	(revision 7891)
+++ en/issues.dbk	(working copy)
@@ -434,6 +434,37 @@
 </para>
 </section>
 
+<section id="ldap">
+<title><acronym>LDAP</acronym> support</title>
+<indexterm><primary>LDAP</primary></indexterm>
+<para>
+A feature in the cryptography libraries used in the <acronym>LDAP</acronym>
+libraries causes programs that attempt to change their effective
+privleges, such as <command>sudo</command> or <command>su</command> may
+fail when <systemitem role="package">libnss-ldap</systemitem> is
+configured to use an <acronym>LDAP</acronym> server using
+<acronym>TLS</acronym> or <acronym>SSL</acronym>.
+</para>
+<para>
+A work around for this problem is to replace
+<systemitem role="package">libnss-ldap</systemitem> with
+<systemitem role="package">libnss-ldapd</systemitem>, a newer library which
+uses separate daemon (<command>nslcd</command>) for all
+<acronym>LDAP</acronym> lookups. The replacement for
+<systemitem role="package">libpam-ldap</systemitem> is
+<systemitem role="package">libpam-ldapd</systemitem>.
+</para>
+<para>
+Note that <systemitem role="package">libnss-ldapd</systemitem> recommends the
+NSS caching daemon (<command>nscd</command>) which you should evaluate for
+suitability in your environment before installing.
+</para>
+<para>
+Further information is available in bugs
+<ulink url="&url-bts;566351">#566351</ulink> and
+<ulink url="&url-bts;545414">#545414</ulink>.
+</para>
+</section>
 
 <section id="kde-desktop-changes" condition="fixme">
 <title>KDE desktop</title>
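
Review bot: the first sentence of the first <para> in the new "ldap" section does not parse ("causes programs that attempt to change their effective privleges ... may fail") and misspells "privileges". Suggest "... means that programs that attempt to change their effective privileges, such as sudo or su, may fail when ...". In the second <para>, "A work around" should read "A workaround" and "uses separate daemon" needs an article ("uses a separate daemon"). In the third <para>, NSS is plain text while LDAP, TLS and SSL are wrapped in <acronym>; mark it up the same way for consistency.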
