[Pkg-openldap-devel] OpenLDAP 2.4.7

[Russ Allbery]

Quanah Gibson-Mount <quanah at zimbra.com> writes:
> Russ Allbery <rra at debian.org> wrote:

>> That sounds reasonable to me.  I doubt anyone was particularly excited
>> about porting that code to GnuTLS.  Although we should probably also
>> report that as an upstream bug too, just in case anyone has a free
>> moment to care.

> Out of curiousity, upstream with who?  I got lost here. :P

As an ITS.  If you enable lanman hashes, OpenLDAP doesn't build with
GnuTLS because the code has OpenSSL-specific assumptions.  It's not a
high-priority issue, but it's a minor bug.

>> Yes, I definitely think that a NEWS.Debian entry would be in order.
>> Beyond that, hm, if we can detect that people are using slurpd, we
>> should probably try to issue an error via debconf.  Quanah, could you
>> comment here on how to detect this and what the reasonable upgrade path
>> would be?

> Well, there are a couple of issues here.  One is that slurpd was global,
> where as syncrepl is per database.  Since there can be multiple
> databases in a slapd.conf file, one has no idea really how to convert
> such a scenario to use syncrepl.  The other is that syncrepl is pull
> driven rather than push driven.  I.e., in the past, slurpd would just
> write to the slave using some set of credentials.  There's no guarantee
> that that same set of credentials supplied in reverse would work (i.e.,
> have the read permissions necessary on the master).  So I think the only
> real way to handle this is to force users to manual upgrade their
> slapd.conf if they used slurpd.

Okay, it sounds like a debconf error telling people they have to fix this
manually combined with a NEWS.Debian entry is probably the right approach.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>