[Pkg-openldap-devel] OpenLDAP 2.4.7

Russ Allbery rra at debian.org
Sun Dec 16 20:37:07 UTC 2007 

Steve Langasek <vorlon at debian.org> writes:

> I also fixed the problem that libldap and libldap_r were both being
> shipped for openldap2.3, where we only want to have to support one copy
> on the system.  There's also libslapi as a shared lib; I don't know what
> the implications are of including this in the libldap-2.4-2 package, but
> at least for the moment that seems better than moving it to the slapd
> package.  If someone feels differently, please shout (or commit).

libslapi is used only for third-party OpenLDAP plugins for slapd (of which
there are none packaged for Debian, so it's really there only because we
had one user who requested it).  Maybe we should make it a separate
library package?

> ... and then I went and made the change to build-depend on libgnutls-dev
> instead of libssl-dev which I'd forgotten to do before, and now the
> package FTBFS. :)  Looks like this is related to having support for
> lanman password hashes enabled; I would recommend simply disabling
> these, since these are a horribly weak, pre-NT encryption (not NT and
> above, as the bug submitter claimed when requesting this feature be
> enabled).

That sounds reasonable to me.  I doubt anyone was particularly excited
about porting that code to GnuTLS.  Although we should probably also
report that as an upstream bug too, just in case anyone has a free moment
to care.

>> We're using delta-syncrepl with something very close to the current
>> Debian packages without any trouble, so I don't think you'll need any
>> other packaging.

> So you don't think there's a need to detect when users have slurpd
> enabled, and provide some warning that it will cease to be available on
> upgrade and require manual adjustments?  Debconf error template,
> NEWS.Debian or something?

Oh, I see what you're saying now.

Yes, I definitely think that a NEWS.Debian entry would be in order.
Beyond that, hm, if we can detect that people are using slurpd, we should
probably try to issue an error via debconf.  Quanah, could you comment
here on how to detect this and what the reasonable upgrade path would be?

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

More information about the Pkg-openldap-devel mailing list