Package: phpldapadmin
Version: 1.2.0.5-2
Severity: important
Tags: patch
This problem happened because I already had an openldap configuration. The
debconf config script fails to correctly determine a good value for the bind DN
(as you can see below, it starts with a #). In my case I was using rootdn and
rootpw and no further instruction. I'm joining the slapd.conf also
I'm attaching a patch to both the config and the postinst script which does two
things :
1. config: a better reading of slapd.conf which won't return anything if
all searched values cannot be found or are commented
2. postinst: using # as a separator for sed substitution proves not to be a
good idea in this case, so I replaced it with a | which is unlikely to
wind up in slapd.conf
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages phpldapadmin depends on:
ii apache2 2.2.16-6 Apache HTTP Server metapackage
ii apache2-mpm-prefork [httpd] 2.2.16-6 Apache HTTP Server - traditional n
ii debconf [debconf-2.0] 1.5.36 Debian configuration management sy
ii libapache2-mod-php5 5.3.3-7 server-side, HTML-embedded scripti
ii php5-ldap 5.3.3-7 LDAP module for php5
ii ucf 3.0025+nmu1 Update Configuration File: preserv
phpldapadmin recommends no packages.
phpldapadmin suggests no packages.
-- debconf information:
phpldapadmin/restart-webserver: true
phpldapadmin/ldap-bindpw: secret
phpldapadmin/ldap-tls: false
phpldapadmin/ldap-binddn: # by dn=cn=Manager,dc=ccm,dc=local write
phpldapadmin/reconfigure-webserver: apache, apache-ssl, apache-perl, apache2
phpldapadmin/ldap-basedn: dc=ccm,dc=local
phpldapadmin/ldap-server: localhost
phpldapadmin/ldap-authtype: session
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/dovecot.schema
include /etc/ldap/schema/adxmail.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
#loglevel 32767
logfile /var/log/ldap.log
loglevel 0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
checkpoint 512 30
rootdn "cn=Manager,dc=example,dc=com"
#rootdn "cn=admin,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# This is secret ....
rootpw {SHA}SECRETSECRETHASH
# SASL mappings for md5 digest authentication
# Extract the user id and use as the search key
#authz-regexp
# uid=Manager,cn=.*
# ldap:///cn=Manager,dc=example,dc=com
authz-regexp
uid=([^,]*),cn=digest-md5,cn=auth
ldap:///ou=Users,dc=example,dc=com??one?(uid=$1)
#authz-regexp
# uid=([^,]*),cn=ccm.local,cn=digest-md5,cn=auth
# ldap:///dc=example,dc=com??one?(uid=)
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to dn.base="" by * read
#access to *
# by dn=cn=Manager,dc=example,dc=com write
# by * read
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
index uid eq
# Clear text to allow hashing
password-hash {CLEARTEXT}
# Tweaks to increase the result set size and max query time
sizelimit 50000
timelimit 3600
Les sous-répertoires debian/conf et debian-fixed/conf sont identiques.
diff -u debian/config debian-fixed/config
--- debian/config 2011-03-03 11:30:13.000000000 +0100
+++ debian-fixed/config 2011-03-03 12:19:38.730475404 +0100
@@ -17,7 +17,7 @@
tls="false"
fi
basedn=`grep ^suffix /etc/ldap/slapd.conf | awk '{print $2}' |
sed -e s/\"//g`
- binddn=`grep -e "by dn=.* write" /etc/ldap/slapd.conf | cut
-d"\"" -f2 | head -n1`
+ binddn=`sed --silent --expression '/^ *by dn=.*
write/s/^.*\(dn=[^ ]*\).*$/\1/p' /etc/ldap/slapd.conf | head -n1`
elif [ -f /etc/libnss-ldap.conf ]; then
if grep "^host" /etc/libnss-ldap.conf > /dev/null 2>&1; then
ldapserver=`grep ^host /etc/libnss-ldap.conf | awk
'{print $2}'`
Les sous-répertoires debian/po et debian-fixed/po sont identiques.
diff -u debian/postinst debian-fixed/postinst
--- debian/postinst 2011-03-03 11:30:13.000000000 +0100
+++ debian-fixed/postinst 2011-03-03 12:21:10.992293630 +0100
@@ -18,31 +18,31 @@
db_get phpldapadmin/ldap-server || true
ldapserver="$RET"
- sed -i -e "s#//
\$servers->setValue('server','host','127.0.0.1');#\$servers->setValue('server','host','$ldapserver');#g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('server','host','127.0.0.1');|\$servers->setValue('server','host','$ldapserver');|g"
${tempfile}
db_get phpldapadmin/ldap-tls || true
tls="$RET"
if [ "$tls" = "true" ]; then
- sed -i -e "s#//
\$servers->setValue('server','port',389);#\$servers->setValue('server','port',636);#g"
${tempfile}
- sed -i -e "s#//
\$servers->setValue('server','tls',false);#\$servers->setValue('server','tls',true);#g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('server','port',389);|\$servers->setValue('server','port',636);|g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('server','tls',false);|\$servers->setValue('server','tls',true);|g"
${tempfile}
fi
db_get phpldapadmin/ldap-basedn || true
basedn="$RET"
- sed -i -e "s#//
\$servers->setValue('server','base',array(''));#\$servers->setValue('server','base',array('$basedn'));#g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('server','base',array(''));|\$servers->setValue('server','base',array('$basedn'));|g"
${tempfile}
db_get phpldapadmin/ldap-authtype || true
authtype="$RET"
- sed -i -e "s#//
\$servers->setValue('login','auth_type','session');#\$servers->setValue('login','auth_type','$authtype');#g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('login','auth_type','session');|\$servers->setValue('login','auth_type','$authtype');|g"
${tempfile}
db_get phpldapadmin/ldap-binddn || true
binddn="$RET"
- sed -i -e "s#//
\$servers->setValue('login','bind_id','');#\$servers->setValue('login','bind_id','$binddn');#g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('login','bind_id','');|\$servers->setValue('login','bind_id','$binddn');|g"
${tempfile}
if [ "$authtype" = "config" ]; then
db_get phpldapadmin/ldap-bindpw || true
bindpw="$RET"
- sed -i -e "s#//
\$servers->setValue('login','bind_pass','');#\$servers->setValue('login','bind_pass','$bindpw');#g"
${tempfile}
+ sed -i -e "s|//
\$servers->setValue('login','bind_pass','');|\$servers->setValue('login','bind_pass','$bindpw');|g"
${tempfile}
fi
chown root:www-data ${tempfile}
