Bug#545414: sudo-ldap: sudo fails with "sudo: setreuid(ROOT_UID, user_uid): Operation not permitted" for ldap users

Julien Cristau jcristau at debian.org
Sun Jan 2 12:24:53 UTC 2011


On Sun, Jan  2, 2011 at 13:08:48 +0100, Arthur de Jong wrote:

> +<section id="ldap">
> +  <title><acronym>LDAP</acronym> support</title>
> +  <indexterm><primary>LDAP</primary></indexterm>
> +  <para>
> +    With this release Debian comes with several options for implementing
> +    client-side authentication using LDAP.
> +    Users of the <systemitem role="package">libnss-ldap</systemitem> and
> +    <systemitem role="package">libpam-ldap</systemitem> packages are
> +    recommended to consider upgrading to

should consider?

> +    <systemitem role="package">libnss-ldapd</systemitem> and
> +    <systemitem role="package">libpam-ldapd</systemitem>.
> +  </para>
> +  <para>
> +    These newer packages delegate the <acronym>LDAP</acronym> queries to a central unprivileged
> +    daemon (<command>nslcd</command>) that provides separation between the process using the <acronym>LDAP</acronym>
> +    information and the daemon performing <acronym>LDAP</acronym> queries. This simplifies
> +    handling of secured <acronym>LDAP</acronym> connections,
> +    <acronym>LDAP</acronym> authentication credentials, provides a simpler
> +    mechanism to perform connection  fail-over and debugging and avoids

doubled space

> +    loading <acronym>LDAP</acronym> and related libraries into most
> +    applications.
> +  </para>
> +  <para>
> +    Upgrading to <systemitem role="package">libnss-ldapd</systemitem> and
> +    <systemitem role="package">libpam-ldapd</systemitem> should be easy
> +    as existing configuration information will be re-used mostly.

will be mostly reused?

> +    Only for advanced configuration should any manual reconfiguration be
> +    necessary.
> +  </para>
> +  <para>
> +    These packages however currently lack support for nested groups and only
> +    support password change using the <acronym>LDAP</acronym> password modify
> +    EXOP operation.
> +  </para>
> +</section>
> +
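
Review bot: The last paragraph (nested groups and password change) lists the limitations without saying what they mean for someone deciding whether to switch. Where access is granted through nested group membership, or passwords are changed by some means other than the LDAP password modify operation, behaviour will differ after moving to libnss-ldapd and libpam-ldapd, so the text should say so and suggest checking for this before upgrading. "EXOP operation" is also redundant, since EXOP already means extended operation; "password modify extended operation" would read better. Separately, in the second paragraph the list "secured LDAP connections, LDAP authentication credentials, provides a simpler mechanism ... and avoids" mixes nouns and verbs; "connections and LDAP authentication credentials, provides ..." would fix it.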

Cheers,
Julien