Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Ubuntu release: 12.04.1
Package version: 0.8.4ubuntu0.2 and 0.8.4ubuntu0.3
We use ldap for user auth. Our /etc/nslcd.conf needed to be customised with certain tls and ssl options. Here's what the relevant parts looked like:
# The location at which the LDAP server(s) should be reachable.
uri ldaps:/
# SSL options
ssl yes
# needed for internal ldap to connect
tls_reqcert allow
The security update in 0.8.4ubuntu0.3 was installed.
What I expected to happen: The configuration should have been left as it was.
What actually happened: the options ended up like this:
# The location at which the LDAP server(s) should be reachable.
uri ldaps://127.0.0.1/
# SSL options
ssl yes
# needed for internal ldap to connect
#tls_reqcert allow
This left us unable to log in to any of our servers.
tags: | added: precise regression-update |
I have just been affected by this exact same bug -- and it has caused us to be unable log in to our machines with any LDAP users.
This bug has very high impact but should be rather straightforward to fix -- shouldn't the config file not be touched if it has been modified from the original?