Package: libnss-ldap Version: 251-1 Severity: normal The current approach, how the debconf values like uri, base etc are written to /etc/libnss-ldap.conf has several deficiencies: 1.) It does not preserve user configurations. 2.) It simply replaces the first occurence of the variable with the value from debconf. Before: # Another way to specify your LDAP server is to provide an # uri with the server name. This allows to use # Unix Domain Sockets to connect to a local LDAP Server. #uri ldaps://127.0.0.1/ ... After: # Another way to specify your LDAP server is to provide an uri ldaps://localhost # Unix Domain Sockets to connect to a local LDAP Server. #uri ldap://127.0.0.1/ ...
This is rather odd, because it kills the comment and it is not very safe. I'd suggest you introduce markers in /etc/libnss-ldap.conf, where you surround the to be configured value and only replace the value within those markers. E.g: ###DEBCONF_URI_BEGIN### #uri ... ###DEBCONF_URI_END### ###DEBCONF_BASE_BEGIN### #base ... ###DEBCONF_BASE_END### and so on. This is similar to how /boot/grub/menu.lst is configured atm. A section managed by update-grub and a section which can be configured by the administrator. Cheers, Michael -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17.1 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages libnss-ldap depends on: ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy ii libc6 2.3.6-15 GNU C Library: Shared libraries ii libkrb53 1.4.3-7 MIT Kerberos runtime libraries ii libldap2 2.1.30-13+b1 OpenLDAP libraries Versions of packages libnss-ldap recommends: ii libpam-ldap 180-1 Pluggable Authentication Module al ii nscd 2.3.6-15 GNU C Library: Name Service Cache -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
