[Pkg-openldap-devel] Bug#428468: Bug#428468: Two bugs

[Russ Allbery]

Brian May <bam at snoopy.debian.net> writes:

> Hmmm.

> Let me hazard a guess:

> slapd uses libldap 2.3 which uses openssl
> libnss-ldap uses libldap 2.1 which uses GNU TLS libraries

> Either the ldap libaries conflict or the TLS libraries conflict (or
> all of the above).

> Unless any of the above uses versioned symbols...

The LDAP libraries do not use versioned symbols.  So yes.  Nasty things
happen.

> Still I am puzzled, why would running it as root help?

Because the only (?) time that slapd calls getpwnam (and hence loads
nss-ldap and creates the library conflict) is if you tell it to run as a
different user.  Otherwise, it appears to be much more stable.

> Another theory I have had is that something is broken in GNU TLS.

The latest GnuTLS should be good; the OpenLDAP folks tested it in
conjunction with 2.4 when doing the development work.

> Is it possible to rebuild the Debian package of openldap 2.1 against
> openssl instead or is this likely to be complicated?

It's not for licensing reasons, or we would just use the 2.3 version of
OpenLDAP and build the whole thing against OpenSSL.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>