[Pkg-freeipa-devel] [Pkg-openldap-devel] Bug#725153: freeipa-server backport to Jessie?

Ryan Tandy ryan at nardis.ca
Fri Apr 17 18:54:11 UTC 2015


On Fri, Apr 17, 2015 at 07:45:24AM +0300, Timo Aaltonen wrote:
>Actually, I pushed a hacked up libldap to my openldap git on alioth
>yesterday, but forgot to update this bug, oops
>
>git://git.debian.org/git/users/tjaalton/openldap.git
>
>it doesn't build anything other than libldap & ldap-utils, and includes
>the applicable Fedora patches (yes three of them were upstream already)
>minus autoconf one which gave me some pain. If it's ok for you, we could
>have a branch on the official pkg repo so folks that need to build their
>own packages could use that as the base.

Something like a "moznss" branch parallel to master? I don't have any 
problem with that.

FWIW, the autoconf patch worked for me once I added Build-Depends: 
pkg-config.

>I don't think fixing this bug by switching to build against moznss makes
>much sense for Debian, because the need for it is going away once
>Freeipa ditches using ldap+tls connections altogether which is currently
>only used in the replication process. Once that's rewritten and using
>GSSAPI (in 4.2?) we'd be fine.

OK.

>That might still leave plain 389-ds-base multimaster replication in the
>dust though, but I'm not interested in that personally.. Building a
>second libldap against moznss might be possible, but looks icky..

Icky indeed. Based on what you wrote above, sounds like that probably 
won't be worth the effort, if it won't be needed in future.

So as I understand it: this bug is basically wontfix in the official 
package at this point; you're (already?) providing an unofficial 
nss-libldap that freeipa users can drop in to replace the 
gnutls-libldap; and nothing has to be rebuilt to take advantage of that. 
Do I have that right?


