
Re: [RFR] English debconf templates for nss-pam-ldapd



Arthur de Jong wrote:
> (please keep me in Cc as I'm not subscribed)
[...]
> Template: nslcd/ldap-uris
> Type: string
> _Description: LDAP server URI:
>  Please enter the Uniform Resource Identifier of the LDAP server. The format
>  is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively, 'ldaps://' or
>  'ldapi://' can be used. The port number is optional.
>  .
>  When using an ldap or ldaps scheme it is recommended to use an IP address to
>  avoid failures when domain name services are unavailable.
>  .
>  Multiple URIs can be specified by separating them with spaces.

d-l-e House Style currently recommends double quotes - s/'/"/g.

> 
> Template: nslcd/ldap-base
> Type: string
> _Description: LDAP server search base:
>  Please enter the distinguished name of the LDAP search base. Many sites use
>  the components of their domain names for this purpose. For example, the
>  domain "example.net" would use "dc=example,dc=net" as the distinguished name
>  of the search base.
> 
> Template: nslcd/ldap-auth-type
> Type: select
> __Choices: none, simple, SASL
> Default: none
> _Description: LDAP authentication to use:
>  If your LDAP database requires authentication you can choose which mechanism
>  should be used. Please choose the mechanism by which authentication should
>  be done:

I would recommend trimming the repetition and making it more distinct
from what ldap-sasl-mech asks for:

   Please choose what type of authentication the LDAP database should
   require (if any):

>   * none: no authentication;
>   * simple: simple clear text binddn/password;
>   * SASL: one of the Simple Authentication and Security Layer
>           mechanisms.

Does it really mean "cleartext"?  It can't be "clear text" (asking for
a text password instead of... what?), and if it really means "stored
without encryption" it should say so more directly.  And what's
"binddn/password"?  Should it perhaps be:

    * none: no authentication;
    * simple: unencrypted BindDN password;
    * SASL: any Simple Authentication and Security Layer mechanism.

> Template: nslcd/ldap-binddn
> Type: string
> _Description: LDAP database user:
>  Enter the name of the account that will be used to log in to the LDAP
>  database. This value should be specified as a DN (distinguished name).
> 
> Template: nslcd/ldap-bindpw
> Type: password
> _Description: LDAP user password:
>  Enter the password that will be used to log in to the LDAP database.
> 
> Template: nslcd/ldap-sasl-mech
> Type: select
> __Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP
> _Description: SASL mechanism to use:
>  Choose the SASL mechanism that will be used to authenticate to the LDAP
>  database:
>   * auto: autonegociation;

Spelling:  "autonegotiation" (or even "auto-negotiation")

>   * LOGIN: deprecated in flavor of PLAIN;
>   * PLAIN: simple cleartext password mechanism;

s/cleartext/unencrypted/

>   * NTLM: NT LAN Manager authentication mechanism;
>   * CRAM-MD5: challenge-response scheme based on HMAC-MD5;
>   * DIGEST-MD5: HTTP Digest compatible challenge-response scheme;
>   * GSSAPI: used for Kerberos;
>   * OTP: a One Time Password mechanism.

(I'm assuming the options here and in ldap-auth-type are sorted into a
kind of "ascending order".)

> 
> Template: nslcd/ldap-sasl-realm
> Type: string
> _Description: SASL realm:
>  Enter the SASL realm that will be used to authenticate to the LDAP
>  database.
>  .
>  If empty, the GSSAPI mechanism will use information from the Kerberos
>  credential cache. Others mechanisms may need @<REALM> suffixing sasl_authcid
>  and sasl_authzid.
>  .
>  The realm is appended to authentication and authorisation identities.

Some en_US problems: s/Others/Other/, s/isation/ization/; and
pedantically speaking "if empty" means "if the GSSAPI mechanism is
empty", while presumably what you intended was "if the realm string is
empty".  Unfortunately I'm having trouble rewriting that paragraph
because I just don't understand the second sentence at all.  Other
mechanisms may need... what?
 
> Template: nslcd/ldap-sasl-authcid
> Type: string
> _Description: SASL authentication identity:
>  Enter the SASL authentication identity that will be used to authenticate to
>  the LDAP database.
>  .
>  This is the login used in LOGIN, PLAIN, CRAM-MD5 and DIGEST-MD5 mechanisms.
                                                
d-l-e House Style would add a serial comma here:   ↑

> 
> Template: nslcd/ldap-sasl-authzid
> Type: string
> _Description: SASL proxy authorisation identity:
>  Enter the proxy authorisation identity that will be used to authenticate to
>  the LDAP database.
>  .
>  This is the object in the name of witch the LDAP request are done.
>  This value should be specified as a DN (distinguished name).

s/isation/ization/g, s/witch/which/, s/are/is/

> 
> Template: nslcd/ldap-sasl-secprops
> Type: string
> _Description: Cyrus SASL security properties:
>  Enter the Cyrus  SASL  security properties.
>  Allowed values are described in the ldap.conf(5) manual page
>  in the SASL OPTIONS section.

s/  SASL  / SASL /

[...]
From here on it all looks good to me.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

