Package: nslcd
Version: 0.8.0
Severity: wishlist
Here are some changes to the nslcd debconf to avoid losing the previous
configuration on dpkg-reconfigure.
Any change to the configuration file takes precedence over debconf; this makes it
possible to avoid "clearing settings to pick up valus from configfile".
Here is my changelog:
* debian/nslcd.config: Do not reset all debconf values when the
configuration file exists.
Deduce authentication type only if not defined.
Keep all authentication values in debconf, postinst handle them.
(read_config): Overwrite debconf value whent it differs from
configuration file.
(parsesys): Remove useless statements.
* debian/nslcd.postinst: Handle all the authentication scenarios.
(cfg_disable): Can take more than one paremeter.
Tested on my system:
- install with priority high
- reconfigure with priority low -> SASL -> DIGEST-MD5
- reconfigure with priority low -> no authentication -> disable all SASL options
- reconfigure with priority low -> SASL -> all SASL options are predefined
as in first reconfigure
- edit /etc/nslcd.conf -> sasl_mech GSSAPI
- reconfigure with priority low -> SASL is preselected -> GSSAPI is preselected
Regards.
-- System Information:
Debian Release: 6.0
APT prefers sid
APT policy: (500, 'sid'), (500, 'unstable'), (90, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37+hati.1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
diff --git a/debian/nslcd.config b/debian/nslcd.config
index 933c5e3..9ef3240 100644
--- a/debian/nslcd.config
+++ b/debian/nslcd.config
@@ -26,13 +26,11 @@ read_config()
{
debconf_param="$1"
cfg_param="$2"
- # get debconf value to ensure we don't overwrite an already set value
+ # overwrite debconf value if different from config file
db_get "$debconf_param"
- if [ -z "$RET" ]
- then
-value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
-[ -n "$value" ] && db_set "$debconf_param" "$value"
- fi
+ debconf_value="$RET"
+ cfgfile_value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
+ [ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value"
# we're done
return 0
}
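Review bot: The `[ -n "$cfgfile_value" ]` guard on the added `db_set` line means an option that is missing from the configuration file (or commented out in it) keeps whatever debconf last stored, and the new comment does not say so. Because the clearing calls in the `[ -f "$CONFFILE" ]` branch are commented out in the same patch, a value the administrator removed from the file can be offered again on the next reconfigure. If read_config is used for `nslcd/ldap-bindpw` or the TLS settings (the callers are outside this hunk), that is the case to think about. I would state the contract in the comment, e.g. `# a non-empty value in the config file replaces the debconf value; an option missing from the file leaves debconf untouched`.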
@@ -49,8 +47,6 @@ parsesys()
[ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
[ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
[ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
-db_get nslcd/ldap-base
-searchbase="$RET"
# if the ldap-base value doesn't seem to be preseeded, try to use the
# domain name to build the default base
if [ -n "$domain" ]
@@ -148,17 +144,17 @@ parsecfg()
if [ -f "$CONFFILE" ]
then
# clear settings to pick up valus from configfile
- db_set nslcd/ldap-uris ""
- db_set nslcd/ldap-base ""
- db_set nslcd/ldap-binddn ""
- db_set nslcd/ldap-bindpw ""
- db_set nslcd/ldap-sasl-mech ""
- db_set nslcd/ldap-sasl-realm ""
- db_set nslcd/ldap-sasl-authcid ""
- db_set nslcd/ldap-sasl-authzid ""
- db_set nslcd/ldap-sasl-secprops ""
- db_set nslcd/ldap-starttls ""
- db_set nslcd/ldap-reqcert ""
+ # db_set nslcd/ldap-uris ""
+ # db_set nslcd/ldap-base ""
+ # db_set nslcd/ldap-binddn ""
+ # db_set nslcd/ldap-bindpw ""
+ # db_set nslcd/ldap-sasl-mech ""
+ # db_set nslcd/ldap-sasl-realm ""
+ # db_set nslcd/ldap-sasl-authcid ""
+ # db_set nslcd/ldap-sasl-authzid ""
+ # db_set nslcd/ldap-sasl-secprops ""
+ # db_set nslcd/ldap-starttls ""
+ # db_set nslcd/ldap-reqcert ""
# parse current configuration
parsecfg "$CONFFILE"
else
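Review bot: The eleven `db_set` calls are commented out rather than deleted, and the comment above them still reads `clear settings to pick up valus from configfile`, which no longer describes what this branch does. Dead code under a stale comment invites someone to re-enable the clearing later; I would delete the lines and replace the comment with something like `# keep existing debconf values; parsecfg overrides the ones set in the config file`. `nslcd/ldap-bindpw` is among the values that now persist in the debconf database between runs, so it is worth confirming the password is still cleared on every path where it is no longer needed, as the `none` case further down does. The enclosing `if` continues past the end of this hunk.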
@@ -180,18 +176,22 @@ db_get nslcd/ldap-starttls
[ -z "$RET" ] && db_set nslcd/ldap-starttls "false"
# deduce auth-type from available information
-db_get nslcd/ldap-sasl-mech
-sasl_mech="$RET"
-db_get nslcd/ldap-binddn
-binddn="$RET"
-if [ -n "$sasl_mech" ]
+db_get nslcd/ldap-auth-type
+if [ -z "$RET" ]
then
- db_set nslcd/ldap-auth-type "SASL"
-elif [ -n "$binddn" ]
-then
- db_set nslcd/ldap-auth-type "simple"
-else
- db_set nslcd/ldap-auth-type "none"
+ db_get nslcd/ldap-sasl-mech
+ sasl_mech="$RET"
+ db_get nslcd/ldap-binddn
+ binddn="$RET"
+ if [ -n "$sasl_mech" ]
+ then
+db_set nslcd/ldap-auth-type "SASL"
+ elif [ -n "$binddn" ]
+ then
+db_set nslcd/ldap-auth-type "simple"
+ else
+db_set nslcd/ldap-auth-type "none"
+ fi
fi
#
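Review bot: Deducing `nslcd/ldap-auth-type` only when it is empty means a stored type is never checked again against the configuration file. If an administrator removes `binddn` and `bindpw` from the file to go back to an anonymous bind, debconf keeps `simple` together with the old bind DN and password, and the next reconfigure preselects them. Depending on how postinst acts on the auth type (not visible here), the removed credentials could be written back. The tested scenarios in the description only cover an edit that stays within SASL, so a mode change made in the file should be added to that list. At a minimum, add a comment such as `# an existing auth-type is kept as-is; it is not re-derived from the config file`, or derive the type from the options actually found in the file when one exists.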
@@ -225,24 +225,19 @@ do
db_get nslcd/ldap-auth-type
case "$RET" in
none)
- # anonymous bind, nothing to ask (clear options)
- db_set nslcd/ldap-binddn ""
+ # anonymous bind, nothing to ask (clear password)
db_set nslcd/ldap-bindpw ""
- db_set nslcd/ldap-sasl-mec