[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#378307: marked as done (finger-ldap does not handle multiple nss_base_passwd options)

Your message dated Sun, 12 Sep 2010 15:09:52 +0000
with message-id <E1OuoBk-0001Gp-Kf@merkel.debian.org>
and subject line Package finger-ldap has been removed from Debian
has caused the Debian Bug report #378307,
regarding finger-ldap does not handle multiple nss_base_passwd options
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

378307: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378307
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: finger-ldap
Version: 1.3-1

The libnss-ldap.conf configuration file can contain multiple nss_base_passwd options - finger-ldap
however only reads the last one.

Example config file:

base dc=example,dc=com
binddn cn=admin,dc=example,dc=com
rootbinddn cn=admin,dc=example,dc=com
idle_timelimit 3600
pam_login_attribute uid
pam_check_host_attr no
pam_password exop
nss_base_passwd ou=systemusers,dc=example,dc=com?one
nss_base_passwd ou=users,dc=example,dc=com?one
nss_base_shadow ou=systemusers,dc=example,dc=com?one
nss_base_shadow ou=users,dc=example,dc=com?one
nss_base_group  ou=groups,dc=example,dc=com?one

In this case, finger-ldap only uses ou=users,dc=example,dc=com.

This feature is documented in the nss_ldap(5) manpage that ships with package libnss-ldap/251-1:

nss_base_<map> <basedn?scope?filter>
              Specify the search base, scope and filter to be used for specific maps. (Note that map
forms part of the  configuration  file keyword and is one of passwd, shadow, group, hosts, services,
networks, protocols, rpc, ethers, netmasks, bootparams, aliases and netgroup.)  The syntax of basedn
and scope are the same as for the configuration file options of the same name, with  the addition
of  being  able  to  omit  the  trailing  suffix  of the base DN (in which case the global base DN
will be appended instead).  The filter is a search filter to be added to the default search filter
for a specific map, such that the effective filter is the logical intersection of the two. The base
DN, scope and filter are separated with literal question marks (?) as given above; this is for
compatibility with the DUA configuration profile schema and the ldapprofile tool. This option may be
specified multiple times.

I am using finger-ldap/1.1-2 (stable), but the code indicates that the problem also exists in
finger-ldap/1.3-1 (testing/unstable).



--- End Message ---
--- Begin Message ---
Version: 1.3-2+rm

You filed the bug http://bugs.debian.org/378307 in Debian BTS
against the package finger-ldap. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/596531. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

Luca Falavigna

--- End Message ---

Reply to: