[csw-users] [sudo_ldap 0002251]: copy /etc/ldap.conf if existing

Neal A. Lucier nlucier at math.purdue.edu
Mon Jun 4 06:05:07 CEST 2007


Sorry for top-posting, and reporters can't seem to reopen bugs, so...

There are two different, yet similar, "ldap.conf" files.  One is used 
for OpenLDAP, the other is used by sudo_ldap and PADL's nss_ldap and 
pam_ldap modules, neither of which are served by blastwave.

OpenLDAP's config file lives at /etc/openldap/ldap.conf while PADL's 
config files live at /etc/ldap.conf.  The OpenLDAP config file is mainly 
concerned with defining a default host and base and also defining the 
security protocols that the libraries must adhere to, tls, sasl, check 
cert, etc.  The /etc/ldap.conf file, while able to define similar things 
as OpenLDAP's, specifies additional things like search descriptors, how 
the pam module should handle passwords, etc.

In essence the /etc/ldap.conf file defines ldap settings at a higher 
level than the /etc/openldap/ldap.conf file, such that if highly 
restrictive settings are set in /etc/openldap/ldap.conf it is not 
possible to loosen them with settings in /etc/ldap.conf.

Now on to the issue of the bug...it's fine with me if you mark it as 
don't fix because on any system that has already installed PADL, the 
file will not contain the necessary directives to get sudo_ldap to work 
(though it will contain the bulk of the directives needed, only missing 
2); however, the reasoning supplied in the report is not the correct 
reasoning, no other blastwave package would "own" 
/opt/csw/etc/ldap.conf.  If blastwave started distributing the PADL 
modules, then it would be correct for those packages _and_ sudo_ldap to 
copy over /etc/ldap.conf to /opt/csw/etc/ldap.conf providing the former 
existed and latter didn't.

I hope that wasn't too confusing and a waste of your time to read.

Neal


bugreporter at blastwave.org wrote:
> The following bug has been RESOLVED.
> =======================================================================
> http://www.blastwave.org/mantis/view_bug_page.php?f_id=0002251
> =======================================================================
> Reporter:                   nlucier
> Handler:                    comand
> =======================================================================
> Project:                    sudo_ldap
> Bug ID:                     0002251
> Category:                   packaging
> Reproducibility:            always
> Severity:                   feature
> Priority:                   normal
> Status:                     closed
> =======================================================================
> Date Submitted:             2007-05-24 22:41 EDT
> Last Modified:              2007-06-03 22:45 EDT
> =======================================================================
> Summary:                    copy /etc/ldap.conf if existing
> Description: 
> Scott R. Corzine wrote:
> If there is a very strong desire to incorporate existing
> /etc/ldap.conf files couldn't postinstall copy /etc/ldap.conf to
> /opt/csw/etc/ldap.conf (or ldap.conf.whatever) when one exists
> and the other doesn't?
> 
> I think this should be done as a postinstall script.
> =======================================================================
> 
> -----------------------------------------------------------------------
>  comand - 2007-06-03 22:45 EDT 
> -----------------------------------------------------------------------
> It doesn't seem proper for the sudo package to copy over a configuration
> that is owned by another package.  If /etc/ldap.conf exists, it might be
> better for the ldap package to copy this over, but even then, I think
> automatic copying of Solaris configs to blastwave config locations is not
> appropriate in most cases.
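An added example, not code from this thread or from the CSW sudo_ldap package: a postinstall-style helper that seeds the package config from an existing PADL /etc/ldap.conf only when the source exists and the destination does not, as the bug report proposed. The paths are parameters (assumed to be /etc/ldap.conf and /opt/csw/etc/ldap.conf in practice), and the directive check uses sudoers_base as an assumed sudo-specific key, since the thread does not name the two missing directives.

```sh
#!/bin/sh
# Added example, not code from the thread or from the CSW sudo_ldap package.
# A postinstall-style helper that seeds a package config (assumed
# /opt/csw/etc/ldap.conf) from an existing PADL /etc/ldap.conf only when
# the source exists and the destination does not, as the bug report
# proposed. Paths are parameters so it can be run against scratch dirs.

# copy_ldap_conf SRC DST
# Copies SRC to DST and returns 0 only when SRC is a regular file and DST
# does not exist; returns 1 otherwise and never overwrites DST.
copy_ldap_conf() {
    src="$1"
    dst="$2"
    if [ ! -f "$src" ]; then
        # Nothing to seed from: PADL's nss_ldap/pam_ldap are not installed.
        return 1
    fi
    if [ -e "$dst" ]; then
        # Respect the admin's existing package config; never clobber it.
        return 1
    fi
    dstdir=$(dirname "$dst")
    [ -d "$dstdir" ] || mkdir -p "$dstdir" || return 1
    # PADL's ldap.conf may carry a bindpw, so keep the source's mode with
    # cp -p instead of letting the umask decide the copy's permissions.
    cp -p "$src" "$dst"
}

# has_directive FILE KEY
# Returns 0 if KEY starts a non-comment line in FILE (case-insensitive,
# as ldap.conf parsers treat keys), 1 otherwise. Useful for warning the
# admin that a seeded copy still lacks sudo-specific directives such as
# sudoers_base (assumed example; the thread says two directives are
# missing but does not name them).
has_directive() {
    grep -Eiq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}
```

A postinstall would call copy_ldap_conf /etc/ldap.conf /opt/csw/etc/ldap.conf and, on success, warn when has_directive reports sudoers_base absent.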
