[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Request for review

Hello list,

Can you review the attached debconf templates file? I have just added
the libnss-ldapd/ldap-starttls and libnss-ldapd/ldap-reqcert templates
but would welcome feedback on the whole thing.

Thanks for your help,

(please keep me in Cc because I'm not subscribed to the list)

-- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Template: libnss-ldapd/ldap-uris
Type: string
_Description: LDAP server URI:
 Please enter the Uniform Resource Identifier of the LDAP server. The format
 is 'ldap://<hostname_or_IP>:<port>/'. Alternatively, 'ldaps://' or 'ldapi://'
 can be used. The port number is optional.
 When using an ldap or ldaps scheme it is recommended to use an IP address to
 avoid failures when domain name services are unavailable.
 Multiple URIs can be be specified by separating them with spaces.

Template: libnss-ldapd/ldap-base
Type: string
_Description: LDAP server search base:
 Please enter the distinguished name of the LDAP search base. Many sites use
 the components of their domain names for this purpose. For example, the
 domain "example.net" would use "dc=example,dc=net" as the distinguished name
 of the search base.

Template: libnss-ldapd/ldap-binddn
Type: string
_Description: LDAP database user:
 If the LDAP database requires a login for normal lookups, enter the name of
 the account that will be used here. Leave empty otherwise.
 This value should be specified as a DN (distinguished name).

Template: libnss-ldapd/ldap-bindpw
Type: password
_Description: LDAP user password:
 Enter the password that will be used to log in to the LDAP database.

Template: libnss-ldapd/ldap-starttls
Type: boolean
_Description: Use StartTLS?
 Please choose whether the connection to the LDAP server should use
 StartTLS to encrypt the connection.

Template: libnss-ldapd/ldap-reqcert
Type: select
Choices: never, allow, try, demand
_Description: Check server SSL certificate?
 When an encrypted connection is used a server certificate can be requested
 and checked. This option determines whether the server should provide a
 certificate and whether the certificate should be checked for validity.
  * never: no certificate will be requested or checked
  * allow: a certificate will be requested but it is not
           required or checked
  * try: a certificate will be requested and checked but if no
         certificate is provided it is ignored
  * demand: a certificate will be requested, required and checked
 Note that at least one of the tls_cacertdir or tls_cacertfile options should
 be put in /etc/nss-ldapd.conf if certificate checking is enabled.

Template: libnss-ldapd/nsswitch
Type: multiselect
Choices: aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services, shadow
_Description: Name services to configure:
 For this package to work, you need to modify your /etc/nsswitch.conf to use
 the ldap datasource.
 You can select the services that should be enabled or disabled for LDAP
 lookups. The new LDAP lookups will be added as last option. Be sure to review
 these changes.

Template: libnss-ldapd/clean_nsswitch
Type: boolean
Default: false
_Description: Remove LDAP from nsswitch.conf now?
 LDAP is still configured for name lookups for the following services:
 but the libnss-ldapd package is about to be removed.
 You are advised to remove the entries if you don't plan on using LDAP for
 name resolution any more. Not removing ldap from nsswitch.conf should, for
 most services, not cause problems, but host name resolution could be affected
 in subtle ways.
 You can edit /etc/nsswitch.conf by hand or chose to remove the entries
 automatically now. Be sure to review the changes to /etc/nsswitch.conf if you
 chose to remove the entries now.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: