On Mon, 2010-12-27 at 17:43 +0100, Julien Cristau wrote: > On Mon, Dec 27, 2010 at 17:39:25 +0100, Arthur de Jong wrote: > > I will prepare a patch (or would you prefer something in the > > NewInSqueeze wiki page?). > > A patch would be good, I think. Attached is my proposal for the "What's new in Debian" section. -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Index: en/whats-new.dbk =================================================================== --- en/whats-new.dbk (revision 7992) +++ en/whats-new.dbk (working copy) @@ -437,6 +437,42 @@ </section> +<section id="ldap"> + <title><acronym>LDAP</acronym> support</title> + <indexterm><primary>LDAP</primary></indexterm> + <para> + With this release Debian comes with several options for implementing + client-side authentication using LDAP. + Users of the <systemitem role="package">libnss-ldap</systemitem> and + <systemitem role="package">libpam-ldap</systemitem> packages are + recommended to consider upgrading to + <systemitem role="package">libnss-ldapd</systemitem> and + <systemitem role="package">libpam-ldapd</systemitem>. + </para> + <para> + These newer packages delegate the <acronym>LDAP</acronym> queries to a central unprivileged + daemon (<command>nslcd</command>) that provides separation between the process using the <acronym>LDAP</acronym> + information and the daemon performing <acronym>LDAP</acronym> queries. This simplifies + handling of secured <acronym>LDAP</acronym> connections, + <acronym>LDAP</acronym> authentication credentials, provides a simpler + mechanism to perform connection fail-over and debugging and avoids + loading <acronym>LDAP</acronym> and related libraries into most + applications. + </para> + <para> + Upgrading to <systemitem role="package">libnss-ldapd</systemitem> and + <systemitem role="package">libpam-ldapd</systemitem> should be easy + as existing configuration information will be re-used mostly. + Only for advanced configuration should any manual reconfiguration be + necessary. + </para> + <para> + These packages however currently lack support for nested groups and only + support password change using the <acronym>LDAP</acronym> password modify + EXOP operation. + </para> +</section> + <section id="proposed-updates-intro"> <title>The proposed-updates section</title> <para>
Attachment:
signature.asc
Description: This is a digitally signed message part