
Re: [RFR] templates://libpam-ldap/{templates}



Christian Perrier wrote:
> Your review should be sent as an answer to this mail.

This one's tricky.  The English isn't bad - I just have trouble
understanding what it's trying to say.  So I'm not going to offer a
patch yet. 

>  Template: libpam-ldap/rootbinddn
[...]
>  _Description: LDAP account for root:
> - This account will be used when root changes a password.
> + Please enter the LDAP account that will be used when the local
> + root account for this machine changes a password.

Apparently, at some point in the future, "the (local) root account"
will change a password (presumably meaning one that's stored in
LDAP), and the question I'm being asked is... what LDAP account
"will be used" for this?  Okay, I'll guess "mine".  Do I win a
prize?

> - Note: This account has to be a privileged account.
> + This account has to be a privileged account.

Is it saying that I have to select one of the privileged accounts,
because normal user accounts can't have LDAP write-access?  Or is it
warning that the account I nominate will thereby become privileged?
Or is this account one that's going to be created now?

The best sense I can make of all this is that it's trying to say:

 _Description: LDAP administrative account:
  Please enter the name of the LDAP account that should be created with
  administrative privileges (required for write-access to the database).

But that doesn't explain why it talks about the local root account.

>  Template: libpam-ldap/rootbindpw
[...]
>  _Description: LDAP root account password:
>   Please enter the password to use when ${package} tries to
>   login to the LDAP directory using the LDAP account for root.

"To log in", verb.  But... what's going on?  Packages have logins?
If "the LDAP account for root" is the one I just named, it would be
helpful if it would remember and use that name...

> + The password will be stored in a separate file (${filename})
>   which will be made readable to root only.
>   .
> + If that field is left empty, the previously stored password will
> + be re-used.
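
Review bot: the added sentence "If that field is left empty, the previously stored password will be re-used" does not cover a first-time configuration, where no password has been stored yet and an empty answer has nothing to fall back on. Suggest stating what an empty answer means in that case, or limiting the sentence to reconfiguration.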

s/that/this/
  
>  Template: libpam-ldap/dblogin
>  Type: boolean
>  Default: false
>  _Description: Does the LDAP database require login?
> + Please choose whether the LDAP server enforces a login before
> + retrieving entries.

s/enforces/should enforce/ - this one makes some sense.

>   .
> - Note: Under a normal setup, this is not needed.
> + Such setup is unusual and therefore unneeded in most situations.
        ^a

I don't follow that "therefore" - just say:

    Such a setup is not usually needed.

>  Template: shared/ldapns/base-dn
>  Type: string
>  Default: dc=example,dc=net
>  _Description: Distinguished name of the search base:
> + Please enter the distinguished name of the LDAP search base. Many sites
> + use the components of their domain names for this purpose. For example,
>   the domain 'example.net' would use 'dc=example,dc=net' as the
>   distinguished name of the search base.
>
> Use single quotes (the 'standard' we finally settled upon)

Did we?  Oh well.

>   Template: libpam-ldap/pam_password
[...]
> +_Description: Local encryption algorithm to use for passwords:

Oh, "encryption algorithm", _that's_ what it means!  And it goes on
to explain the "local" part.  Yes, I like this one.

>  Template: libpam-ldap/binddn
>  Type: string
>  Default: cn=proxyuser,dc=example,dc=net

What an odd default.

>  _Description: Unprivileged database user:
> - Please enter the name of the account that will be used to log in to the LDAP
> + Please enter the name of the account that will be used to login to the LDAP
>   database.
> 
> Justin will confirm (or not). I think this is debated but, in that
> case, the presence of "to" makes the two words version look strange.

No; "login/on/out", "setup", "backup" and so on are one-word nouns;
but the verbs are separable - "to log yourself in", "setting it up"
etcetera.  However, native speakers tend to agree that "log in to"
seems strange - it's often written "log into".  And we've also got
a "used to" there, which is easy to misread, and another
misleadingly impersonal use of the passive.  Maybe it should be 
rephrased as:

    Please enter the name of the LDAP account that should be created for
    non-administrative logins.

Then later:
  
>  Template: libpam-ldap/bindpw
>  Type: password
>  _Description: Password for database login account:
> + Please enter the password that will be used to login to the LDAP database.
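
Review bot: the added libpam-ldap/bindpw description does not say where this password is kept or who can read it, while the rootbindpw text earlier in this patch states both ("stored in a separate file (${filename}) which will be made readable to root only"). Suggest adding the equivalent sentence here so the administrator knows how the credential being entered is protected.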

That's not very helpful... after all, does it mean the privileged
one (from libpam-ldap/rootbinddn) or the unprivileged one (from
libpam-ldap/binddn)?  I'm aware this would require extra work,
but it seems to me the best way of asking this would be by saying:

    Please enter the password for the (non-administrative) ${user} account.
  
>  Template: libpam-ldap/override
[...]
> +_Description: Manage libpam-ldap configuration automatically?
> + The libpam-ldap package configuration may be managed automatically
> + from answers to questions asked during the configuration process.

Maybe s/from/using the/.

> + The resulting configuration file may overwrite local changes.
> + .
> + If you do not choose this option, no further questions will be asked
> + and the configuration has to be done manually.

Maybe s/has to/will need to/.
 
> PS: I found nothing to change in the package's description in debian/control

Agreed, it was a relief to read.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

