Hi Jamie, Il giorno lun, 26/02/2007 alle 17.02 -0500, Jamie ffolliott ha scritto: [...] > The issue that forces manual editing is that: the package wants to maintain > the libpam-ldap.conf, and will not allow me to specify a "uri" setting to > speak to the ldap server via ldaps://. There are almost always other types > of changes one needs to make to the .conf, so debconf will never be the only > thing writing this file. > > Alternatively, allow configuration of the "uri" setting using debconf, or > simply convert to using the "uri" setting instead of "host" since it is more > flexible.
I still cannot reproduce your problem: when debconf prompts you for a host, you may type a complete URI. The package script will recognise it as a URI and will write correctly the URI line instead of the HOST one. For instance, I use this as answer to "LDAP Server host": ldapi://%2fvar%2frun%2fslapd%2fldapi/ It a perfect valid URI to connect to a local LDAP server via ldapi:// Would you please give it a try? It should be the first question asked by debconf. If this does not work for you, please send me your /etc/pam_ldap.conf, so I could try again to reproduce the problem. > uri ldap://hostname > > is equivalent to > > host hostname > port 389 > > The other issue is that you store a sensitive password (allowing write to > the ldap directory) in debconf, without appropriate encryption - that stuff > should generally not be stored and used to overwrite the pam_ldap.secret > file. I'd prefer if it asked for the password once on initial install, and > never touched it again, or at the very minimum should prompt each time > before overwriting it. This is how the current package behave. If you provide a password, then it store this password in debconf database, the save it to the file in /etc, then delete the password from debconf database. If you do not type any password and the file secret already exists, then the old one is used without storing it in debconf database. It seems to me that you are using an old version of the package. Would you please try the version currently in unstable or the one I sent you? Thanks, Giuseppe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
