Bug 846793 - upgrade to latest stable release 0.8.10
upgrade to latest stable release 0.8.10
Product: Fedora
Classification: Fedora
Component: nss-pam-ldapd (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nalin Dahyabhai
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-08-08 14:05 EDT by Marcus Moeller
Modified: 2013-02-11 23:56 EST (History)
3 users (show)

See Also:
Fixed In Version: nss-pam-ldapd-0.8.12-1.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-11 23:56:30 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Marcus Moeller 2012-08-08 14:05:12 EDT
From http://arthurdejong.org/nss-pam-ldapd/downloads.html the latest stable release is 0.8.10. Fedora still ships the oldstable version, which lacks of some features. Could you please upgrade to the latest version?
Comment 1 Marcus Moeller 2013-01-10 03:08:40 EST
Is there any progress on that?
Comment 2 Dmitri Pal 2013-01-11 16:14:09 EST
Have you looked at SSSD as an alternative to nss-pam-ldap?
Comment 3 Marcus Moeller 2013-01-11 16:23:09 EST
@Dmitri why do you think this is related to the bugreport?
Comment 4 Dmitri Pal 2013-01-11 16:36:03 EST
Because SSSD is the replacement of the nss-pam-ldap.
Comment 5 Marcus Moeller 2013-01-11 16:43:33 EST
Why do you think so? nslcd is still highly active maintained. sssd might be an alternative, but not a replacement. At least not at the moment. It still lacks of some features, and the evaluation has caused a lot of headache in our environment (including sssd triggered domain controller DDOS, which caused a downtime of half a day for about 15k users).

So please either help upgrading the package or take care that ownership is hand over to me. At least for the Fedora builds.
Comment 6 Dmitri Pal 2013-01-11 17:20:21 EST
SSSD is alternative and is intended to be a replacement over time for the most use cases not all. So it would we nice if you can share the following information:
1) What kind of features SSSD is lacking for your environment?
2) What kind of features you are looking for in the latest release of nss-pam-ldapd? 
3) What version of SSSD have you tried?
4) Have you logged and tickets or BZ based on what you have seen with SSSD?

Also if you really want to take ownership of this package in Fedora we can look into that too. 

I will see what can be done regarding the rebase.
Comment 7 Marcus Moeller 2013-01-12 03:58:43 EST
Most of the sssd bugs have been reported. Maybe I will spend some time on testing later this year.

In general, Fedora should always include the latest versions if possible. I am personally missing the sasl_canonicalize option. But it does not make sense to backport it to the old version. The latest release also has some additional bugfixes and features.
Comment 8 Dmitri Pal 2013-01-12 15:58:40 EST

Thank you for the update!
SSSD 1.9 has a lot of new features, please take a look when you have a chance.
Meanwhile we will prepare a release and setup a repo for you to give it a try.

Comment 9 Nalin Dahyabhai 2013-01-18 16:21:47 EST
Updated Raw Hide to 0.8.12.
Comment 10 Marcus Moeller 2013-01-24 08:43:49 EST
Tested and it seems to be ok.

Do you think we could get this to F18, too?
Comment 11 Nalin Dahyabhai 2013-01-24 11:34:52 EST
Well, the Raw Hide version is at a point where I don't have any immediate changes planned.

Jakub, any objection to merging from master onto the f18 branch and pushing the result as an update?  There's conditional logic that cuts the changes for F18 down to
* moving the unit file from /lib to /usr/lib because it's using %{_unitdir}
* no longer linking directly with libsasl2, which is fine because it's not called directly
* picking up linking against libpthread, due to use of AX_PTHREAD in configure

I don't expect it to be disruptive (famous last words).
Comment 12 Jakub Hrozek 2013-01-24 11:40:24 EST
No, no objections at all. Originally I planned on building a private repo on repos.fedorapeople.org first, but putting the upgrade into updates-testing should do as well now that Marcus tested the package on rawhide.

Thank you for testing Marcus!
Comment 13 Nalin Dahyabhai 2013-01-24 13:03:30 EST
Well there are some things that change when we build for F18:
* we don't use the new systemd macros yet
* nsswitch and PAM modules still go into /lib and not /usr/lib, like original F18
* we still require the PADL pam_ldap, like original F18

nss-pam-ldapd-0.8.12-2.fc18 should show up in updates-testing soon.
Comment 14 Fedora Update System 2013-01-24 13:06:47 EST
nss-pam-ldapd-0.8.12-2.fc18 has been submitted as an update for Fedora 18.
Comment 15 Fedora Update System 2013-01-25 16:27:42 EST
Package nss-pam-ldapd-0.8.12-2.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-pam-ldapd-0.8.12-2.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 16 Nalin Dahyabhai 2013-02-04 14:32:27 EST
Last call before I hit the "mark as stable" button at https://admin.fedoraproject.org/updates/FEDORA-2013-1470/nss-pam-ldapd-0.8.12-2.fc18 .
Comment 17 Fedora Update System 2013-02-11 23:56:32 EST
nss-pam-ldapd-0.8.12-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.