On Wed, 2010-07-14 at 13:41 +0200, Daniel Dehennin wrote:
> Here is the changelog, patch based on latest svn (revno:1161):
> * debian/nslcd.config: Manage SASL questions, bindpw is shared between
>   binddn and sasl, it's asked just after binddn or authcid, this
>   complexify a little the switch case.

I have had a look at this and have changed some things around a bit. Attached is the version as I'm testing it now (I can also provide a patch if you prefer).

First, the detection routines are now a little cleaner I think. All options are read from the config, even if they don't make much sense combined. We want to try to retain as much as possible from the administrator's changes to the file.

Secondly, I've changed the question grouping a bit. I've also removed krb5keytab for now because it isn't used. The Debconf questions are now:

server:
  ASK ldap-uris + ldap-base
authtype:
  ASK ldap-auth-type
authentication:
  if ldap-auth-type == none: <ask nothing>, skip sasloptions
  if ldap-auth-type == simple: ASK ldap-binddn + ldap-bindpw, skip sasloptions
  if ldap-auth-type == none: ASK ldap-sasl-mech
sasloptions:
  ASK ldap-sasl-realm + ldap-sasl-authcid (if not GSSAPI) + ldap-bindpw (if not GSSAPI) + ldap-sasl-authzid + ldap-sasl-secprops + ldap-sasl-krb5-ccname (if GSSAPI)
starttls:
  if not ldaps: ASK ldap-starttls
reqcert:
  if ldaps or starttls: ASK ldap-reqcert

I've also simplified the back code a bit (mostly skip back to authtype).

The question now is, are the questions clear enough in most common situations? For anonymous bind and simple authentication I think it is clear enough, but what about Kerberos authentication? Also, perhaps the list of SASL mechs should be in a most-commonly-used-first order? Is the order of the SASL questions reasonable?

I have not really looked at the other files yet (templates and postinst). I think the questions could use some improvements but it is also related to the question flow. I did notice that the ldap-sasl-mech and ldap-sasl-secprops are really long.

Anyway, thanks for your work. This should get reasonably close to inclusion in the next release.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --

nslcd.config
Description: application/shellscript