On Sat, 2022-01-08 at 20:19 +0100, Nicolas Peugnet wrote: > I just ran into this bug. If I understand correctly it should have > been fixed by this commit: > <https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=37a00e988304dd8b3b04886b56ecc713347f596f> > which is in Debian since version 0.9.12-1. > > Just to be sure Arthur, would setting this option to "no" indeed make > the OpenLDAP server stop logging entries like the following? > > slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
Yes, the pam_authc_ppolicy option is used to disable requesting that control, see https://arthurdejong.org/nss-pam-ldapd/nslcd.conf.5#pam_authc_ppolicy While the option was added in 0.9.7 it was non-functional until it was fixed in 0.9.12. > And would it be a good idea to back-port this patch to stable ? The missing control logged by the LDAP server should not be harmful in any way because it is marked as not critical which means it is just a warning that can be ignored. I doubt this would be severe enough an issue to warrant an update for bullseye. -- -- arthur - art...@arthurdejong.org - https://arthurdejong.org/ --
signature.asc
Description: This is a digitally signed message part
