Package: libpam-ldap Version: 180-1.6 3rd report - can we please get an acknowledgement from somebody?
The package is still broken in how it handles existing settings upon upgrades, and these settings are critical to authentication working. -----Original Message----- From: Jamie ffolliott [mailto:[EMAIL PROTECTED] Sent: Monday, February 05, 2007 11:00 PM To: 'debian-release@lists.debian.org' Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: FW: libpam-ldap upgrade breaks pam_ldap.conf and can't login Package: libpam-ldap Version: 180-1.5 I've sent the following email and did not receive a response from the libpam-ldap maintainer. I've upgraded another sarge box since and confirmed the bug still exists. This is a serious problem for upgrades from sarge, or any package update, so please fix it before release. -----Original Message----- From: Jamie ffolliott [mailto:[EMAIL PROTECTED] Sent: Saturday, January 20, 2007 5:59 PM To: '[EMAIL PROTECTED]' Subject: libpam-ldap upgrade breaks pam_ldap.conf and can't login Package: libpam-ldap Version: 180-1.4 After an apt-get upgrade, the libpam-ldap packate updated, and in doing so it rewrote parts of the /etc/pam_ldap.conf file as follows - rewrote host, base, ldap_version, pam_password - commented out the "uri" setting, which is an alternative setting to "host" that supports ldap over ssl. Since I don't use unencrypted logins to my ldap server, and I'm not sure who would do such a thing, I cannot use the host setting. The latter step that comments out "uri" in fact breaks authentication to this machine. I've tried dpkg-reconfigure libpam-ldap and there's no option to preserve my URI setting, which must be set to "ldaps://ldap.mydomain.com" for logins to succeed. Even if I leave "host" blank, it will still disable the "uri" setting - and this is the heart of the issue, I can't avoid breaking the existing libpam-ldap config. Luckily I have ssh's pub key authentication setup, so I can get in to fix, but without that this debian client would be rendered useless upon upgrade from sarge to etch. Please consider this critical, I don't want all my servers to be rendered inaccessible after upgrading to etch which I hope to do upon release. It locks out access to the box completely. Thx! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
