From http://arthurdejong.org/nss-pam-ldapd/downloads.html the latest stable release is 0.8.10. Fedora still ships the oldstable version, which lacks of some features. Could you please upgrade to the latest version?
Is there any progress on that?
Have you looked at SSSD as an alternative to nss-pam-ldap?
@Dmitri why do you think this is related to the bugreport?
Because SSSD is the replacement of the nss-pam-ldap.
Why do you think so? nslcd is still highly active maintained. sssd might be an alternative, but not a replacement. At least not at the moment. It still lacks of some features, and the evaluation has caused a lot of headache in our environment (including sssd triggered domain controller DDOS, which caused a downtime of half a day for about 15k users). So please either help upgrading the package or take care that ownership is hand over to me. At least for the Fedora builds.
SSSD is alternative and is intended to be a replacement over time for the most use cases not all. So it would we nice if you can share the following information: 1) What kind of features SSSD is lacking for your environment? 2) What kind of features you are looking for in the latest release of nss-pam-ldapd? 3) What version of SSSD have you tried? 4) Have you logged and tickets or BZ based on what you have seen with SSSD? Also if you really want to take ownership of this package in Fedora we can look into that too. I will see what can be done regarding the rebase.
Most of the sssd bugs have been reported. Maybe I will spend some time on testing later this year. In general, Fedora should always include the latest versions if possible. I am personally missing the sasl_canonicalize option. But it does not make sense to backport it to the old version. The latest release also has some additional bugfixes and features.
Marcus, Thank you for the update! SSSD 1.9 has a lot of new features, please take a look when you have a chance. Meanwhile we will prepare a release and setup a repo for you to give it a try. Thanks, Dmitri
Updated Raw Hide to 0.8.12.
Tested and it seems to be ok. Do you think we could get this to F18, too?
Well, the Raw Hide version is at a point where I don't have any immediate changes planned. Jakub, any objection to merging from master onto the f18 branch and pushing the result as an update? There's conditional logic that cuts the changes for F18 down to * moving the unit file from /lib to /usr/lib because it's using %{_unitdir} * no longer linking directly with libsasl2, which is fine because it's not called directly * picking up linking against libpthread, due to use of AX_PTHREAD in configure I don't expect it to be disruptive (famous last words).
No, no objections at all. Originally I planned on building a private repo on repos.fedorapeople.org first, but putting the upgrade into updates-testing should do as well now that Marcus tested the package on rawhide. Thank you for testing Marcus!
Well there are some things that change when we build for F18: * we don't use the new systemd macros yet * nsswitch and PAM modules still go into /lib and not /usr/lib, like original F18 * we still require the PADL pam_ldap, like original F18 nss-pam-ldapd-0.8.12-2.fc18 should show up in updates-testing soon.
nss-pam-ldapd-0.8.12-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/nss-pam-ldapd-0.8.12-2.fc18
Package nss-pam-ldapd-0.8.12-2.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-pam-ldapd-0.8.12-2.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-1470/nss-pam-ldapd-0.8.12-2.fc18 then log in and leave karma (feedback).
Last call before I hit the "mark as stable" button at https://admin.fedoraproject.org/updates/FEDORA-2013-1470/nss-pam-ldapd-0.8.12-2.fc18 .
nss-pam-ldapd-0.8.12-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.