Inappropriate description of using auth-client-config and libnss-ldap in Ubuntu OpenLDAP Server Documentation

Thanks for reporting this bug and helping to make Ubuntu better. I guess I'm a little unclear on why the statement is misleading?

You are correct when you say "this is a optional package if I was NOT going to configure any Ubuntu client to authenticate using LDAP". For example you can run OpenLDAP on your server and not configure it to authenticate users to the directory, but configure Ubuntu desktop machines to authenticate using libnss-ldap.

Can you clarify this statement: "And laterly I found the libnss-ldap is a MUST have component regardless of your client type. If nss-ldap is not configured properly then you can't work out."

Does that mean that you had to install libnss-ldap on the server in order to authenticate clients? Because on my servers I do not have libnss-ldap and they are able to authenticate clients just fine.

Well, "if I was NOT going to configure any Ubuntu client to authenticate
using LDAP, I don't need libnss-ldap" = "I don't need to use libnss-ldap
component when my client is Windows". But it was not true, I have to
install and setup correcnt under SAMBA+LDAP environment.

On Thu, Mar 5, 2009 at 8:02 PM, Adam Sommer <email address hidden> wrote:

> Thanks for reporting this bug and helping to make Ubuntu better. I
> guess I'm a little unclear on why the statement is misleading?
>
> You are correct when you say "this is a optional package if I was NOT
> going to configure any Ubuntu client to authenticate using LDAP". For
> example you can run OpenLDAP on your server and not configure it to
> authenticate users to the directory, but configure Ubuntu desktop
> machines to authenticate using libnss-ldap.
>
> Can you clarify this statement: "And laterly I found the libnss-ldap is
> a MUST have component regardless of your client type. If nss-ldap is not
> configured properly then you can't work out."
>
> Does that mean that you had to install libnss-ldap on the server in
> order to authenticate clients? Because on my servers I do not have
> libnss-ldap and they are able to authenticate clients just fine.
>
>
> ** Changed in: ubuntu-doc
> Assignee: (unassigned) => Adam Sommer (asommer)
> Status: New => Incomplete
>
> --
> Inappropriate description of using auth-client-config and libnss-ldap in
> Ubuntu OpenLDAP Server Documentation
> https://bugs.launchpad.net/bugs/333437
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Ubuntu Documentation: Incomplete
>
> Bug description:
> In the Ubuntu OpenLDAP Server document, the first line in the session of
> LDAP Authentication, the author said "the auth-client-config and libnss-ldap
> packages take the pain out of configuring an Ubuntu client to authenticate
> using LDAP." I am wondering this can be a misleading statement coz I was
> thinking of this is a optional package if I was NOT going to configure any
> Ubuntu client to authenticate using LDAP. In my case, all my client
> computers are windows XP, I'm configuring LDAP+Samba on Ubuntu. And laterly
> I found the libnss-ldap is a MUST have component regardless of your client
> type. If nss-ldap is not configured properly then you can't work out.
>

On Fri, Mar 6, 2009 at 3:51 AM, georgehu <email address hidden> wrote:

> Well, "if I was NOT going to configure any Ubuntu client to authenticate
> using LDAP, I don't need libnss-ldap" = "I don't need to use libnss-ldap
> component when my client is Windows". But it was not true, I have to
> install and setup correcnt under SAMBA+LDAP environment.
>

Apologies you are correct, when using Samba and LDAP the server needs to be
configured to lookup names in LDAP. There is actually a note in the first
paragraph of the Samba and LDAP Section:

"This section covers configuring Samba to use LDAP for user, group, and
machine account information and authentication. The assumption is, you
already have a working OpenLDAP directory installed and the server is
configured to use it for authentication."

I've also added a note to the end of the LDAP Authentication section. Do
you think that this is sufficient to solve the bug?

For you original question about this statement:

  "the auth-client-config and libnss- ldap packages take the pain out of
configuring an Ubuntu client to authenticate using LDAP."

I think the statement is valid because using those tools to configure LDAP
authentication saves you from having to edit 5 separate files. Hopefully
things are more clear with the additional note?

Thanks again for reporting this bug.

--
Party On,
Adam

Hi Adam,

Thanks for your reply! I appreciate that you read my suggestion and have the
adjustment finally. It was my first time to configure the OpenLdap on Linux,
for an expert like you may presume some of the technical detail may be
apparent enough, but for the newbie like me have to depend on the guide like
a blind. So, some of the information can be critical so you have to make the
statement very specifically.

Thanks again!

George Hu

On Mon, Mar 9, 2009 at 5:51 PM, Adam Sommer <email address hidden> wrote:

> On Fri, Mar 6, 2009 at 3:51 AM, georgehu <email address hidden> wrote:
>
> > Well, "if I was NOT going to configure any Ubuntu client to authenticate
> > using LDAP, I don't need libnss-ldap" = "I don't need to use libnss-ldap
> > component when my client is Windows". But it was not true, I have to
> > install and setup correcnt under SAMBA+LDAP environment.
> >
>
>
> Apologies you are correct, when using Samba and LDAP the server needs to be
> configured to lookup names in LDAP. There is actually a note in the first
> paragraph of the Samba and LDAP Section:
>
> "This section covers configuring Samba to use LDAP for user, group, and
> machine account information and authentication. The assumption is, you
> already have a working OpenLDAP directory installed and the server is
> configured to use it for authentication."
>
> I've also added a note to the end of the LDAP Authentication section. Do
> you think that this is sufficient to solve the bug?
>
> For you original question about this statement:
>
> "the auth-client-config and libnss- ldap packages take the pain out of
> configuring an Ubuntu client to authenticate using LDAP."
>
> I think the statement is valid because using those tools to configure LDAP
> authentication saves you from having to edit 5 separate files. Hopefully
> things are more clear with the additional note?
>
> Thanks again for reporting this bug.
>
> --
> Party On,
> Adam
>
> --
> Inappropriate description of using auth-client-config and libnss-ldap in
> Ubuntu OpenLDAP Server Documentation
> https://bugs.launchpad.net/bugs/333437
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Ubuntu Documentation: Incomplete
>
> Bug description:
> In the Ubuntu OpenLDAP Server document, the first line in the session of
> LDAP Authentication, the author said "the auth-client-config and libnss-ldap
> packages take the pain out of configuring an Ubuntu client to authenticate
> using LDAP." I am wondering this can be a misleading statement coz I was
> thinking of this is a optional package if I was NOT going to configure any
> Ubuntu client to authenticate using LDAP. In my case, all my client
> computers are windows XP, I'm configuring LDAP+Samba on Ubuntu. And laterly
> I found the libnss-ldap is a MUST have component regardless of your client
> type. If nss-ldap is not configured properly then you can't work out.
>

This bug was fixed in the package ubuntu-docs - 9.04.4