FYI, this is affecting our systems as well. So far as I can tell, we can't use the nslcd stuff as a workaround because that prevents using separate LDAP confs for auth in PAM (e.g. pam_ldap.so config=/etc/pam_ldap.conf.special), which allows us to construct different LDAP filters, base searches, proxy configs, SSL vs. TLS, etc. for authenticating users for different services separately.

In particular, we like to use that to allow sudo to authenticate against a shadow object of the usual user so that they can have a separate password for their sudo access, and to filter the users that it will even authenticate to those with a particular LDAP ACL attribute before it even consults the sudoers file.

If you need help testing out other LDAP/SSL/TLS fixes, let me know.

Thanks,
Brian

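A sketch of the per-service setup described in the message above, added here as an illustration and not taken from the poster's systems. The host name, DNs, CA path, the file name /etc/pam_ldap.conf.sudo and the attribute exampleSudoAcl are assumptions; the directives are standard pam_ldap ones.

```conf
# --- /etc/pam.d/sudo (constructed example) ---
# sudo authenticates only through its own pam_ldap configuration file,
# so its search base, filter and transport differ from other services.
auth      required   pam_ldap.so config=/etc/pam_ldap.conf.sudo
@include common-account

# --- /etc/pam_ldap.conf.sudo (constructed example) ---
# Keep this file root-owned and not world-readable if a bind password is added.
uri ldap://ldap.example.com/
ldap_version 3

# Search only the subtree that holds the separate "shadow" entries, whose
# userPassword is the sudo password rather than the login password
# (assumed directory layout).
base ou=sudo-shadow,dc=example,dc=com
scope one
pam_login_attribute uid

# pam_ldap ANDs this filter with the login attribute, so an entry lacking
# the gating attribute is never found and cannot authenticate, before
# sudoers is consulted at all (hypothetical attribute name).
pam_filter exampleSudoAcl=TRUE

# StartTLS with server certificate verification for this service.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
```

Other services point their own pam_ldap.so lines at different config= files with their own base, filter and ssl settings.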