Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2012-12-20 Thread Arno
Package: nslcd
Version: 0.8.10-4
Severity: serious
Justification: changes to configuration files must be preserved during a package upgrade

It seems that a combination of #661872, #671464, and/or #689296 is back again
with version 0.8.10-4.

After upgrading nslcd today, my system stopped recognizing my username:

Setting up nslcd (0.8.10-4) ...
[ ok ] Restarting LDAP connection daemon: nslcd.
Setting up libnss-ldapd:amd64 (0.8.10-4) ...
Setting up libpam-ldapd:amd64 (0.8.10-4) ...
Setting up tzdata-java (2012j-1) ...
getpwuid() can't identify your account!
aschuring@murid:~$ id
uid=1 gid=1 groups=24(cdrom),29(audio),44(video),46(plugdev),60(games),100(users),107(fuse),9000,9001,1,10002

(note the absence of name resolution for non-local items)


Digging into it was complicated by the fact that ssh told me to go away because
I didn't exist, but syslog contained these lines:
Dec 20 21:52:43 murid nslcd[4034]: [7b23c6] ldap_start_tls_s() failed (uri=ldap://gnome.loos.site): Connect error: (unknown error code)
Dec 20 21:52:43 murid nslcd[4034]: [7b23c6] ldap_start_tls_s() failed (uri=ldap://genie.loos.site): Connect error: (unknown error code)

Which was caused by the removal of the line

tls_cacertfile /etc/ssl/certs/loos.site.pem

from nslcd.conf on upgrade.


Regards,
Arno


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (900, 'stable'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-rt-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser  3.113+nmu3
ii  debconf [debconf-2.0]  1.5.46
ii  libc6  2.13-37
ii  libgssapi-krb5-2   1.10.1+dfsg-3
ii  libldap-2.4-2  2.4.31-1

Versions of packages nslcd recommends:
ii  bind9-host [host]   1:9.8.1.dfsg.P1-4.4
ii  ldap-utils  2.4.31-1
ii  libnss-ldapd [libnss-ldap]  0.8.10-4
ii  libpam-krb5 4.6-1
ii  libpam-ldapd [libpam-ldap]  0.8.10-4
pn  nscd

Versions of packages nslcd suggests:
pn  kstart  

-- debconf information:
  nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: true
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: none
* nslcd/ldap-reqcert: try
* nslcd/ldap-uris: ldap://gnome.loos.site ldap://genie.loos.site
  nslcd/ldap-sasl-secprops:
  nslcd/ldap-binddn:
  nslcd/ldap-sasl-authcid:
  nslcd/ldap-sasl-mech:
* nslcd/ldap-base: dc=loos,dc=site
  nslcd/ldap-sasl-authzid:


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2012-12-20 Thread aelschuring
Package: nslcd
Version: 0.8.10-4
Followup-For: Bug #696445

I must add that this does not happen on all machines; on this second machine
the upgrade did not clobber the configuration file. The only difference I can
think of as relevant is that the earlier machine has been running testing
since its creation 6 months ago, and the other was only recently upgraded from
Squeeze.

Clobbered (murid):
0.8.9-1
0.8.10-1
0.8.10-2
0.8.10-4 xx

Not clobbered (gnome):
0.7.15
0.7.15+squeeze1
0.7.15+squeeze2
0.8.10-2
0.8.10-4


I'm happy to provide more information, but I don't know what would help you.

Regards,
Arno

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (900, 'stable'), (300, 'unstable'), (200, 'stable-updates')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser  3.113+nmu3
ii  debconf [debconf-2.0]  1.5.46
ii  libc6  2.13-37
ii  libgssapi-krb5-2   1.10.1+dfsg-3
ii  libldap-2.4-2  2.4.31-1

Versions of packages nslcd recommends:
ii  bind9-host [host]   1:9.8.1.dfsg.P1-4.4
ii  ldap-utils  2.4.31-1
ii  libnss-ldapd [libnss-ldap]  0.8.10-4
ii  libpam-krb5 4.6-1
ii  libpam-ldapd [libpam-ldap]  0.8.10-4
ii  unscd [nscd]  0.48-2

Versions of packages nslcd suggests:
pn  kstart  

-- debconf information:
  nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: true
* nslcd/ldap-reqcert: demand
  nslcd/ldap-sasl-secprops:
* nslcd/ldap-binddn:
* nslcd/ldap-base: dc=loos,dc=site
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: none
* nslcd/ldap-uris: ldapi:///var/run/slapd/ldapi ldap://genie.loos.site/ ldap://gnome.loos.site/
  nslcd/ldap-sasl-authcid:
  nslcd/ldap-sasl-mech:
  nslcd/ldap-sasl-authzid:





Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2012-12-21 Thread Dominik George
Package: nslcd
Followup-For: Bug #696445
Control: tags -1 + moreinfo

Hi,

I have looked into the config and postinst script to find some hints on
why this might happen. Here are some remarks, be they relevant or not:

- Using backticks in shell scripts is incompatible and might break with
  some shells, POSIX says use $()
- postinst, line 93: Just replacing any occurrence of nss-ldapd with nslcd
  in the config file is a bit over the top and might^Wwill break. Simple,
  and bug-related, example: user has their cacertfile stored in
  /etc/ssl/certs/nss-ldapd-cacert.pem or something. A fix would be to use
  look-around assertions on ^# to only replace matches on lines that are
  comments.

Arno, can you provide the config files of the two systems from *before*
they got clobbered? When sending them to the BTS as attachments, please
gzip them beforehand due to #695627 breaking plaintext attachments.

Cheers,
Nik

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh

Versions of packages nslcd depends on:
ii  adduser  3.113+nmu3
ii  debconf [debconf-2.0]  1.5.48
ii  libc6  2.13-37
ii  libgssapi-krb5-2   1.10.1+dfsg-3
ii  libldap-2.4-2  2.4.31-1

Versions of packages nslcd recommends:
ii  bind9-host [host]   1:9.8.4.dfsg.P1-1
ii  host  1:9.8.4.dfsg.P1-1
ii  ldap-utils  2.4.31-1
ii  libnss-ldapd [libnss-ldap]  0.8.10-4
ii  libpam-ldapd [libpam-ldap]  0.8.10-4
ii  nscd  2.13-37

Versions of packages nslcd suggests:
pn  kstart  

-- debconf information:
  nslcd/ldap-sasl-realm:
  nslcd/ldap-starttls: false
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
  nslcd/ldap-auth-type: none
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldap://172.29.10.100 ldap://172.29.10.1
  nslcd/ldap-sasl-secprops:
  nslcd/ldap-binddn:
  nslcd/ldap-sasl-authcid:
  nslcd/ldap-sasl-mech:
* nslcd/ldap-base: dc=naturalnet,dc=de
  nslcd/ldap-sasl-authzid:


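
Added example, not part of the thread and not the actual nslcd postinst code (the page does not show postinst line 93): a blanket nss-ldapd to nslcd rename next to one restricted to comment lines, run over a constructed nslcd.conf. The sed commands, function names and sample file are assumptions for illustration, and the restricted version uses a sed address on comment lines rather than the look-around assertions suggested above.

```shell
#!/bin/sh
# Constructed sample config (not taken from the bug report). The cacert path
# is the hypothetical one named in the remark above.
sample_conf() {
  cat <<'EOF'
# /etc/nss-ldapd.conf
# Configuration file for nss-ldapd
uri ldap://ldap.example.net
base dc=example,dc=net
ssl start_tls
tls_cacertfile /etc/ssl/certs/nss-ldapd-cacert.pem
EOF
}

# Blanket rename: rewrites every occurrence, including option values,
# so a file path that happens to contain the old name is changed too.
rename_everywhere() {
  sed 's/nss-ldapd/nslcd/g'
}

# Restricted rename: the substitution only runs on comment lines
# (optional leading blanks followed by '#'); option lines pass through.
rename_in_comments() {
  sed '/^[[:space:]]*#/ s/nss-ldapd/nslcd/g'
}

# Print the tls_cacertfile value of a config read from stdin.
cacertfile_of() {
  awk '$1 == "tls_cacertfile" { print $2 }'
}

broad=$(sample_conf | rename_everywhere | cacertfile_of)
narrow=$(sample_conf | rename_in_comments | cacertfile_of)
printf 'blanket rename: %s\n' "$broad"
printf 'comments only:  %s\n' "$narrow"
```

With the blanket rename the daemon is pointed at a CA file that does not exist on disk, which with StartTLS enabled gives the same class of failure as the ldap_start_tls_s() errors in the original report.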



Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2012-12-23 Thread Arthur de Jong
On Thu, 2012-12-20 at 22:24 +0100, Arno wrote:
> Which was caused by the removal of the line
> 
> tls_cacertfile /etc/ssl/certs/loos.site.pem
> 
> from nslcd.conf on upgrade.

This is really weird, nslcd package scripts shouldn't do anything with
this option (neither this version nor any before).

Do you by any chance have the configuration file before and after the
upgrade?

Also, can you confirm that this debconf information was in place after
the upgrade for the broken machine:

* nslcd/ldap-auth-type: none
* nslcd/ldap-base: dc=loos,dc=site
  nslcd/ldap-binddn:
* nslcd/ldap-reqcert: try
  nslcd/ldap-sasl-authcid:
  nslcd/ldap-sasl-authzid:
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
  nslcd/ldap-sasl-mech:
  nslcd/ldap-sasl-realm:
  nslcd/ldap-sasl-secprops:
* nslcd/ldap-starttls: true
* nslcd/ldap-uris: ldap://gnome.loos.site ldap://genie.loos.site

Do you recall if any debconf prompts were shown during the upgrade?

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2012-12-23 Thread Arthur de Jong
On Fri, 2012-12-21 at 12:40 +0100, Dominik George wrote:
> I have looked into the config and postinst script to find some hints on
> why this might happen. Here are some remarks, be they relevant or not:

Thanks for the feedback. Always good to have another set of eyes looking
at the code.

> - Using backticks in shell scripts is incompatible and might break with
>   some shells, POSIX says use $()

I will consider replacing backticks with $() but this requires very
careful testing because backslash handling seems to be different. I
occasionally make shell scripts that also have to work on Solaris
where /bin/sh doesn't have $().

> - postinst, line 93: Just replacing any occurrence of nss-ldapd with nslcd
>   in the config file is a bit over the top and might^Wwill break. Simple,
>   and bug-related, example: user has their cacertfile stored in
>   /etc/ssl/certs/nss-ldapd-cacert.pem or something. A fix would be to use
>   look-around assertions on ^# to only replace matches on lines that are
>   comments.

Thanks, I'll drop the conversion code because that is only useful for
upgrades from before version 0.7 (when upgrading from lenny).

Neither of these things should be a problem for this particular bug and
I don't think these changes should be in the release targeted towards
wheezy (although the second change is simple enough).

> Arno, can you provide the config files of the two systems from
> *before* they got clobbered? When sending them to the BTS as
> attachments, please gzip them beforehand due to #695627 breaking
> plaintext attachments.

I don't think you sent your message to Arno but I've asked again.

Thanks for looking into this,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2013-01-09 Thread Arthur de Jong
Hi Arno,

On Sun, 2012-12-23 at 12:39 +0100, Arthur de Jong wrote:
> Do you by any chance have the configuration file before and after the
> upgrade?
> 
> Also, can you confirm that this debconf information was in place after
> the upgrade for the broken machine:
> 
> * nslcd/ldap-auth-type: none
> * nslcd/ldap-base: dc=loos,dc=site
>   nslcd/ldap-binddn:
> * nslcd/ldap-reqcert: try
>   nslcd/ldap-sasl-authcid:
>   nslcd/ldap-sasl-authzid:
>   nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
>   nslcd/ldap-sasl-mech:
>   nslcd/ldap-sasl-realm:
>   nslcd/ldap-sasl-secprops:
> * nslcd/ldap-starttls: true
> * nslcd/ldap-uris: ldap://gnome.loos.site ldap://genie.loos.site
> 
> Do you recall if any debconf prompts were shown during the upgrade?

Can you provide some more information on this bug report?

Without more information I won't be able to look into this.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2013-03-01 Thread Russ Allbery
Should this bug be downgraded until it can be confirmed as reproducible?
I also looked through the postinst script and, while it's complex, I
didn't see any obvious way in which it could produce the behavior
described here.

-- 
Russ Allbery (r...@debian.org)   





Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2013-03-02 Thread Arthur de Jong
Control: severity -1 important
Control: tags -1 + unreproducible

On Fri, 2013-03-01 at 16:02 -0800, Russ Allbery wrote:
> Should this bug be downgraded until it can be confirmed as
> reproducible? I also looked through the postinst script and, while
> it's complex, I didn't see any obvious way in which it could produce
> the behavior described here.

I'll downgrade to important and mark it as unreproducible. Once more
information is present or the bug is reproducible I'll up the severity
again.

The postinst is indeed a bit complex which is mainly due to the fact
that I want to support setting up a basic configuration with Debconf
(with a smooth upgrade path from libnss-ldap and reasonable guesses for
defaults). It currently also supports preseeding and reconfiguring an
already present configuration which adds to the complexity. Suggestions
for another approach or ways to improve the current situation are more
than welcome.

Thanks,

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --




Processed: Re: Bug#696445: nslcd: Discards local modifications in nslcd.conf without warning

2013-03-02 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 important
Bug #696445 [nslcd] nslcd: Discards local modifications in nslcd.conf without warning
Severity set to 'important' from 'serious'
> tags -1 + unreproducible
Bug #696445 [nslcd] nslcd: Discards local modifications in nslcd.conf without warning
Added tag(s) unreproducible.

-- 
696445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696445
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

