Quoting Arthur de Jong (adej...@debian.org): > I'm not the maintainer of libpam-ldap but I would like to comment > anyway.
Both comments are very wise. So, rewritten patch attached.
--- libpam-ldap.old/debian/templates 2009-02-14 12:19:34.483870281 +0100
+++ libpam-ldap/debian/templates 2009-06-03 18:23:36.325729112 +0200
@@ -1,37 +1,50 @@
+# These templates have been reviewed by the debian-l10n-english
+# team
+#
+# If modifications/additions/rewording are needed, please ask
+# debian-l10n-engl...@lists.debian.org for advice.
+#
+# Even minor modifications require translation updates and such
+# changes should be coordinated with translators and reviewers.
+
Template: libpam-ldap/rootbinddn
Type: string
Default: cn=manager,dc=example,dc=net
-_Description: LDAP account for root:
- This account will be used when root changes a password.
+_Description: LDAP administrative account:
+ Please enter the name of the LDAP administrative account.
.
- Note: This account has to be a privileged account.
+ This account will be used automatically for database management, so
+ it must have the appropriate administrative privileges.
Template: libpam-ldap/rootbindpw
Type: password
-_Description: LDAP root account password:
- Please enter the password to use when ${package} tries to
- login to the LDAP directory using the LDAP account for root.
- .
- The password will be stored in a separate file ${filename}
- which will be made readable to root only.
+#flag:comment:3
+# Translators: do not translate "${filename}"
+_Description: LDAP administrative password:
+ Please enter the password of the administrative account.
+ .
+ The password will be stored in the file ${filename}.
+ This will be made readable to root only, and will allow ${package}
+ to carry out automatic database management logins.
.
- Entering an empty password will re-use the old password.
+ If this field is left empty, the previously stored password will
+ be re-used.
Template: libpam-ldap/dblogin
Type: boolean
Default: false
_Description: Does the LDAP database require login?
- Choose this option if you can't retrieve entries from
- the database without logging in.
+ Please choose whether the LDAP server enforces a login before
+ retrieving entries.
.
- Note: Under a normal setup, this is not needed.
+ Such a setup is not usually needed.
Template: shared/ldapns/base-dn
Type: string
Default: dc=example,dc=net
_Description: Distinguished name of the search base:
- Please enter the distinguished name of the LDAP search base. Many sites
- use the components of their domain names for this purpose. For example,
+ Please enter the distinguished name of the LDAP search base. Many sites
+ use the components of their domain names for this purpose. For example,
the domain "example.net" would use "dc=example,dc=net" as the
distinguished name of the search base.
@@ -39,81 +52,75 @@
Type: select
__Choices: clear, crypt, nds, ad, exop, md5
Default: crypt
-_Description: Local crypt to use when changing passwords.
- The PAM module can set the password crypt locally when changing the
- passwords, this is usually a good choice. By setting this to something
- else than clear you are making sure that the password gets crypted in some
- way.
- .
- The meanings for selections are:
- .
- clear - Don't set any encryptions, this is useful with servers that
- automatically encrypt userPassword entry.
- .
- crypt - (Default) make userPassword use the same format as the flat
- filesystem. this will work for most configurations
- .
- nds - Use Novell Directory Services-style updating, first remove the old
- password and then update with cleartext password.
- .
- ad - Active Directory-style. Create Unicode password and update unicodePwd
- attribute
- .
- exop - Use the OpenLDAP password change extended operation to update the
- password.
+_Description: Local encryption algorithm to use for passwords:
+ The PAM module can encrypt the password locally when changing it,
+ which is recommended:
+ * clear: no encryption. This should be chosen when LDAP servers
+ automatically encrypt the userPassword entry;
+ * crypt: make userPassword use the same format as the flat
+ local password database. If in doubt, you should choose this option;
+ * nds: use Novell Directory Services-style updating. The old
+ password is first removed, then updated;
+ * ad: Active Directory-style. This creates a Unicode password and
+ updates the unicodePwd attribute;
+ * exop: use the OpenLDAP password change extended operation to update the
+ password.
Template: shared/ldapns/ldap_version
Type: select
Choices: 3, 2
Default: 3
_Description: LDAP version to use:
- Please enter which version of the LDAP protocol should be used by
- ldapns. It is usually a good idea to set this to the highest
- available version number.
+ Please choose the version of the LDAP protocol that should be used by
+ ldapns. Using the highest available version number is recommended.
Template: libpam-ldap/binddn
Type: string
Default: cn=proxyuser,dc=example,dc=net
-_Description: Unprivileged database user:
- Please enter the name of the account that will be used to log in to the LDAP
- database.
- .
- Warning: DO NOT use privileged accounts for logging in, the configuration
- file has to be world readable.
+_Description: LDAP login user account:
+ Please enter the name of the LDAP account that should be used for
+ non-administrative (read-only) database logins.
+ .
+ It is highly recommended to use an unprivileged account, because
+ the configuration file that contains the account name and password
+ must be world-readable.
Template: libpam-ldap/dbrootlogin
Type: boolean
Default: true
-_Description: Make local root Database admin.
- This option will allow you to make password utilities that use pam, to
- behave like you would be changing local passwords.
+_Description: Allow LDAP admin account to behave like local root?
+ This option will allow password utilities that use PAM to
+ change local passwords.
.
- The password will be stored in a separate file which will be made
+ The LDAP admin account password will be stored in a separate file which will
be made
readable to root only.
.
- If you are using NFS mounted /etc or any other custom setup, you should
- disable this.
+ If /etc is mounted by NFS, this option should be disabled.
Template: shared/ldapns/ldap-server
Type: string
Default: ldapi:///
-_Description: LDAP server Uniform Resource Identifier:
- Please enter the URI of the LDAP server used. This is a string in the
- form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also
- be used. The port number is optional.
+_Description: LDAP server URI:
+ Please enter the Uniform Resource Identifier of the LDAP server.
+ The format is 'ldap://<hostname_or_IP>:<port>/'. Alternatively,
+ 'ldaps://' or 'ldapi://' can be used. The port number is optional.
.
- Note: It is usually a good idea to use an IP address; this reduces risks
- of failure in the event name service is unavailable.
+ Using an IP address is recommended to avoid failures when
+ domain name services are unavailable.
Template: libpam-ldap/bindpw
Type: password
-_Description: Password for database login account:
- Please enter the password that will be used to log in to the LDAP database.
+_Description: Password for LDAP login user:
+ Please enter the password for the nonadministrative LDAP login account.
Template: libpam-ldap/override
Type: boolean
Default: true
-_Description: Make debconf change your config?
- libpam-ldap has been moved to use debconf for its configuration. Should
- the settings in debconf be applied to the configuration? Package
- upgrades will use your answer here going forward.
+_Description: Manage libpam-ldap configuration automatically?
+ The libpam-ldap package configuration may be managed automatically
+ using answers to questions asked during the configuration process.
+ The resulting configuration file may overwrite local changes.
+ .
+ If you do not choose this option, no further questions will be asked
+ and the configuration will need to be done manually.
+
--- libpam-ldap.old/debian/changelog 2009-02-14 12:19:34.483870281 +0100
+++ libpam-ldap/debian/changelog 2009-06-02 19:58:26.211948355 +0200
@@ -1,3 +1,11 @@
+libpam-ldap (184-4.3) UNRELEASED; urgency=low
+
+ * Debconf templates and debian/control reviewed by the debian-l10n-
+ english team as part of the Smith review project. Closes: #531557
+ * [Debconf translation updates]
+
+ -- Christian Perrier <bubu...@debian.org> Tue, 02 Jun 2009 19:58:23 +0200
+
libpam-ldap (184-4.2) unstable; urgency=low
* Non-maintainer upload.
signature.asc
Description: Digital signature
