[Pkg-openldap-devel] OpenLDAP 2.4.7

Steve Langasek vorlon at debian.org
Mon Dec 17 22:53:55 UTC 2007 

On Sun, Dec 16, 2007 at 12:37:07PM -0800, Russ Allbery wrote:
> Steve Langasek <vorlon at debian.org> writes:

> > I also fixed the problem that libldap and libldap_r were both being
> > shipped for openldap2.3, where we only want to have to support one copy
> > on the system.  There's also libslapi as a shared lib; I don't know what
> > the implications are of including this in the libldap-2.4-2 package, but
> > at least for the moment that seems better than moving it to the slapd
> > package.  If someone feels differently, please shout (or commit).

> libslapi is used only for third-party OpenLDAP plugins for slapd (of which
> there are none packaged for Debian, so it's really there only because we
> had one user who requested it).  Maybe we should make it a separate
> library package?

My instinct would be to put libslapi in the slapd package and use a virtual
library package (à la apt and libapt-pkg-$foo), because I suspect libslapi
and slapd need to be kept in sync and libslapi isn't particularly useful
without slapd itself?

I'm not fussed about this any which way, but if we do ship it in libldap
we're pretty much stuck with it there until we have occasion to change the
libldap package name again.

> > ... and then I went and made the change to build-depend on libgnutls-dev
> > instead of libssl-dev which I'd forgotten to do before, and now the
> > package FTBFS. :)  Looks like this is related to having support for
> > lanman password hashes enabled; I would recommend simply disabling
> > these, since these are a horribly weak, pre-NT encryption (not NT and
> > above, as the bug submitter claimed when requesting this feature be
> > enabled).

> That sounds reasonable to me.  I doubt anyone was particularly excited
> about porting that code to GnuTLS.  Although we should probably also
> report that as an upstream bug too, just in case anyone has a free moment
> to care.

FWIW, bug #245341 includes a patch from the submitter which was supposed to
address the porting, so is probably worth having appended to ITS#5287.  The
patch was never applied to the Debian packages because by the time lanman
was enabled, we were on OpenSSL again.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the Pkg-openldap-devel mailing list