[Bug 553857] Review Request - pam_ldap (for an nss_ldap/pam_ldap split)

bugzilla at redhat.com bugzilla at redhat.com
Tue Jan 12 18:40:06 UTC 2010


--- Comment #3 from Nalin Dahyabhai <nalin at redhat.com> 2010-01-12 13:40:04 EST ---
(In reply to comment #2)
> Is having separate configuration for pam_ldap and nss_ldap really a good idea?
> It creates unnecessary hassle for the sysadmins and in 99% of configurations
> involving both of these packages the contents of the configuration files will
> be the same. I suggest adding a subpackage (either to pam_ldap or nss_ldap -
> choose package which you think will be used in more cases) named for example
> ldap-config which would contain just the ldap.conf and ldap.secret files. The
> nss_ldap and pam_ldap packages can then require this package.    

The upstream tarballs actually ship default configuration files with different
contents.  There's nothing stopping an admin from linking the two.

Meanwhile, moving the ldap.conf file from one package to the other during an
upgrade requires stepping around RPM's built-in handling of %config files, and
probably needs to involve triggers -- I just don't want to go there.

I'm also wary of people continuing to incorrectly assume that /etc/ldap.conf is
some global everything-should-read-this-file-for-ldap-settings file, which it
was never supposed to be.
