found 645599 0.7.0 fixed 645599 0.8.3 thanks On Fri, 2011-11-18 at 12:52 +0100, Jeremy Lainé wrote: > I also got bitten by bug 645599 and was locked out of my servers.
After some testing and digging I've been able to reproduce this: - start with a non-LDAP config - install libnss-ldapd and ask for passwd to be enabled (not shadow) - install libpam-ldapd and allow it to add shadow: ldap - upgrade/reinstall libnss-ldapd At this point libnss-ldapd's postinst seems to think that shadow was asked to be disabled by the user. This is a bug in libnss-ldapd and is also present in 0.7.11 and before. It was fixed in 0.8.3 (although not related to the issue in this bug report). Furthermore the 0.8.4 release includes some changes to allow PAM to work without shadow: ldap in /etc/nsswitch.conf. A fix for this is available here: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1555&view=revision I will contact the stable release team for permission to upload the above fix to proposed-updates. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
