Bug#398436: openssh-server: dosen't install on ldap enabled box (usermod fails)

[Witold Baryluk <baryluk@smp.if.uj.edu.pl>]

Package: openssh-server
Version: 1:4.3p2-5
Severity: important

I have a set of boxes which uses ldap authentification.
Yesterday i considered it will be usefull to install
ssh-server on them (there was ssh-client) for
remote updates.

so apt-get install openssh-server
...
Konfigurowanie openssh-server (4.3p2-5.1) ...
usermod: nie znaleziono sshd w /etc/passwd
dpkg: b��d przetwarzania openssh-server (--configure):
 podproces post-installation script zwr�ci� kod b��du 6
...

I think here is a problem:

/var/lib/dpkg/info/openssh-server.postinst : 292

fix_sshd_shell() {
    if getent passwd sshd | grep -q ':/bin/false$'; then
	        usermod -s /usr/sbin/nologin sshd
    fi
}

And
root@neutrino:/home2/baryluk# getent passwd sshd
sshd:x:101:65534:sshd:/var/run/sshd:/bin/false

but usermod:
usermod -s /usr/sbin/nologin sshd
usermod: nie znaleziono sshd w /etc/passwd

so it looks like usermod is using /etc/passwd any way.

# grep sshd /etc/passwd
# empty

Additional info:
# cat /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat

...
# cat /etc/libnss-ldap.conf
host 10.0.1.1
base dc=smp,dc=if,dc=uj,dc=edu,dc=pl
ldap_version 3
rootbinddn cn=ldapadmin,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
scope sub
# ustawione bo udev przy bootowaniu jest skopany
bind_policy soft

nss_base_passwd         ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_shadow         ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_group          ou=Group,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_aliases        ou=Aliases,dc=smp,dc=if,dc=uj,dc=edu,dc=pl

# nscd running

# ldd `which usermod` | grep pam
# empty (usermod is using /etc/passwd directly!)

Suggestion: Use chsh (which use PAM).


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.UTF-8)

Versions of packages openssh-server depends on:
ii  adduser  3.99                            Add and remove users and groups
ii  debconf  1.5.8                           Debian configuration management sy
ii  dpkg     1.13.22                         package maintenance system for Deb
ii  libc6    2.3.6.ds1-7                     GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.10.02+dfsg-2 common error description library
ii  libkrb53 1.4.4-3                         MIT Kerberos runtime libraries
ii  libpam-m 0.79-4                          Pluggable Authentication Modules f
ii  libpam-r 0.79-4                          Runtime support for the PAM librar
ii  libpam0g 0.79-4                          Pluggable Authentication Modules l
ii  libselin 1.32-2                          SELinux shared libraries
ii  libssl0. 0.9.8c-3                        SSL shared libraries
ii  libwrap0 7.6.dbs-11                      Wietse Venema's TCP wrappers libra
ii  openssh- 1:4.3p2-5                       Secure shell client, an rlogin/rsh
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen: