[Pkg-openldap-devel] Bug#381788: Any progress on Bug #381788
Berg, Michael
michael at misumasu.dyndns.org
Fri Sep 1 00:54:56 UTC 2006
Has there been any progress on Bug #381788?

There hasn't been any word from the package maintainers since my post on
August 13.

I am still experiencing this bug, and today I received an email from
another individual who is also experiencing this problem. The person who
contacted me wanted to know if I'd found a solution and also had two other
work-arounds -- which aren't really usable for either of us.

The first work-around this individual reported to me was to disable
start_tls support. Since the problem is in the SSL handshake when TLS is
being started, this avoids the problem. However, this is not an acceptable
work-around for either of us. I'm using slapd to authenticate users, so
passwords are being exchanged with the server. (Running slapd as root is
probably a lower security risk than sending all user passwords in the clear.)

The second work-around this individual reported to me was to take "ldap"
out of the group line in nsswitch.conf. This is a more targeted action
than removing "ldap" from every line in nsswitch.conf (that I documented in
my previous email). Again, this work-around is unacceptable since I have
groups in LDAP being used by other services on the system.

The work-around I previously documented of running slapd as root (which
avoids the gnutls variant of the ldap client libraries from being loaded)
seems to be the best work-around at the moment. Although I still want to
run slapd as a non-root user for security reasons.

Could one of the maintainers please comment on the status of this bug?

Thanks.