2012/5/8 Arthur de Jong <[email protected]>:
> On Tue, 2012-05-08 at 21:05 +0200, Jakub Moc wrote:
>> In my case, tls_reqcert never is getting commented out over and over
>> again, resulting in inability to login.
>
> Ok, this seems like a bug similar to #670133. What version of nslcd are
> you using? Also can you provide the information from
> debconf-show nslcd

  nslcd/ldap-bindpw: (password omitted)
  nslcd/ldap-sasl-realm:
* nslcd/ldap-starttls: false
  nslcd/ldap-sasl-krb5-ccname: /var/run/nslcd/nslcd.tkt
* nslcd/ldap-auth-type: none
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: DNS
  nslcd/ldap-sasl-secprops:
  nslcd/ldap-binddn:
  nslcd/ldap-sasl-authcid:
  nslcd/ldap-sasl-mech:
* nslcd/ldap-base: dc=notorgroup,dc=local
  nslcd/ldap-sasl-authzid:

> and the contents of nslcd.conf?

uid nslcd
gid nslcd
uri DNS
base dc=notorgroup,dc=local
ssl on
tls_reqcert allow
bind_timelimit 5
timelimit 5
reconnect_retrytime 5
idle_timelimit 30

> Furthermore the output of DEBCONF_DEBUG=developer debconf
> /var/lib/dpkg/info/nslcd.config
> would be very helpful.

debconf (developer): starting /var/lib/dpkg/info/nslcd.config
debconf (developer): <-- VERSION 2.0
debconf (developer): --> 0 2.0
debconf (developer): <-- CAPB backup
debconf (developer): --> 0 multiselect escape backup
debconf (developer): <-- GET nslcd/ldap-uris
debconf (developer): --> 0 DNS
debconf (developer): <-- GET nslcd/ldap-base
debconf (developer): --> 0 dc=notorgroup,dc=local
debconf (developer): <-- GET nslcd/ldap-binddn
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-bindpw
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-sasl-mech
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-sasl-realm
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-sasl-authcid
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-sasl-authzid
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-sasl-secprops
debconf (developer): --> 0
debconf (developer): <-- GET nslcd/ldap-sasl-krb5-ccname
debconf (developer): --> 0 /var/run/nslcd/nslcd.tkt
debconf (developer): <-- GET nslcd/ldap-starttls
debconf (developer): --> 0 false
debconf (developer): <-- GET nslcd/ldap-reqcert
debconf (developer): --> 0
debconf (developer): <-- SET nslcd/ldap-reqcert allow
debconf (developer): --> 0 value set
debconf (developer): <-- SET nslcd/ldap-auth-type none
debconf (developer): --> 0 value set
debconf (developer): <-- GET nslcd/ldap-starttls
debconf (developer): --> 0 false
debconf (developer): <-- INPUT high nslcd/ldap-uris
debconf (developer): --> 30 question skipped
debconf (developer): <-- INPUT high nslcd/ldap-base
debconf (developer): --> 30 question skipped
debconf (developer): <-- GO
debconf (developer): --> 0 ok
debconf (developer): <-- INPUT medium nslcd/ldap-auth-type
debconf (developer): --> 30 question skipped
debconf (developer): <-- GO
debconf (developer): --> 0 ok
debconf (developer): <-- GET nslcd/ldap-auth-type
debconf (developer): --> 0 none
debconf (developer): <-- SET nslcd/ldap-bindpw
debconf (developer): --> 0 value set
debconf (developer): <-- GO
debconf (developer): --> 0 ok
debconf (developer): <-- GET nslcd/ldap-uris
debconf (developer): --> 0 DNS
debconf (developer): <-- INPUT medium nslcd/ldap-starttls
debconf (developer): --> 30 question skipped
debconf (developer): <-- GO
debconf (developer): --> 0 ok
debconf (developer): <-- GET nslcd/ldap-uris
debconf (developer): --> 0 DNS
debconf (developer): <-- GET nslcd/ldap-starttls
debconf (developer): --> 0 false
debconf (developer): <-- SET nslcd/ldap-reqcert
debconf (developer): --> 0 value set
debconf (developer): <-- GO
debconf (developer): --> 0 ok

>
> Do you have a special way of deploying your machine (e.g. puppet,
> debconf preseeding)?

Not that I'd know of, so, probably not. :-D

HTH.

