[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#273059: marked as done (PAM should canocolize uid with NSS before group membership is set)

Your message dated Wed, 16 Nov 2022 01:20:11 +0000
with message-id <E1ov763-0016tp-7a@fasolo.debian.org>
and subject line Bug#1024140: Removed package(s) from unstable
has caused the Debian Bug report #273059,
regarding PAM should canocolize uid with NSS before group membership is set
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
273059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=273059
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: libpam-ldap
Version: 169-1
Severity: important

When using pam-ldap, it is possible to login to the system using a non-case-sensitive version of a UID, based on the case sensitivity of the LDAP directory. For instance, my name is jhaltom, but I can log in as JHaltom. All programs work correctly, since they canocolize JHaltom to jhaltom using NSS.

However, pam-ldap does not set group memberships properly. For instance, if a uniquemember attribute of a group contains jhaltom, but I log in with JHaltom, the group membership is not set. The comparison should not be done on the user entered string, but on the fully canocolized version (jhaltom, not JHaltom).

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (700, 'unstable'), (600, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8

Versions of packages libpam-ldap depends on:
ii  debconf                     1.4.36       Debian configuration management sy
ii  libc6                       2.3.2.ds1-16 GNU C Library: Shared libraries an
ii  libldap2                    2.1.30-3     OpenLDAP libraries
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

-- debconf information:
* shared/ldapns/base-dn: dc=feedbackplusinc,dc=com
* shared/ldapns/ldap-server: jack
* libpam-ldap/pam_password: exop
  libpam-ldap/binddn: cn=proxyuser,dc=example,dc=net
* libpam-ldap/rootbinddn:
* libpam-ldap/dbrootlogin: true
  libpam-ldap/override: false
* shared/ldapns/ldap_version: 3
* libpam-ldap/dblogin: false

--- End Message ---
--- Begin Message --- 
Version: 265-6+rm

Dear submitter,

as the package libnss-ldap has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1024140

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
Reply to: