[Pkg-openldap-devel] Bug#412706: Debian-only bug?

Bas van Schaik bas at tuxes.nl
Wed Aug 29 16:40:53 UTC 2007


Upstream marks this bug as "Debian only" with a reasonable explanation:
> Problems with SSL on Debian are well known, and it is due to the fact
> that they long ago patched OpenLDAP 2.1 to compile against GnuTLS
> (note, I don't say *work*, just compile).
>
> When you use their 2.2 and 2.3 packages, and their libraries get
> loaded into the same user space as the 2.1 libraries (which are always
> installed), then SSL/TLS stop working. There is *nothing* the OpenLDAP
> folks can do about this.
(http://www.openldap.org/lists/openldap-software/200702/msg00407.html)


The Debian readme file also talks about TLS:
> This version of the OpenLDAP server and its library is compiled with the
> OpenSSL library as supported by the upstream sources. Other packages
> are not allowed to link against this version of OpenLDAP (or rather
> its library) but this way we have a working OpenLDAP server.
>
> Client packages will have to continue using the old libldap2 package
> for ldap access as that version is linked against GNUTLS to allow
> for example dynamic linking into Samba. We are working on updating that
> GNUTLS patch for OpenLDAP 2.2 and getting it into the upstream package.
>
> When that is accomplished the old libldap2 packages will disappear
> and OpenLDAP 2.2 will be used together with GNUTLS in Debian.
Those explanations seem to conflict, don't they?

Until this bug is fixed it's impossible to use client certificates under
Debian, quite an important bug. Can someone provide an indication when
it will be fixed?
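
To check whether a process is in the situation the upstream quote describes (more than one libldap build loaded into the same address space), its /proc/<pid>/maps can be inspected. The following is an added example, not part of the original message and not code from OpenLDAP or Debian; the sample map, its library file names, and the function names are constructed for illustration.

```python
import os
import re
import sys

# Constructed sample of /proc/<pid>/maps; addresses, inodes and library
# file names are made up for illustration.
SAMPLE_MAPS = """\
08048000-08052000 r-xp 00000000 08:01 1001 /usr/bin/exampled
b7a00000-b7a30000 r-xp 00000000 08:01 2001 /usr/lib/libldap.so.2.0.130
b7a30000-b7a32000 rw-p 00030000 08:01 2001 /usr/lib/libldap.so.2.0.130
b7b00000-b7b60000 r-xp 00000000 08:01 2002 /usr/lib/libgnutls.so.13.0.6
b7c00000-b7c35000 r-xp 00000000 08:01 2003 /usr/lib/libldap_r-2.3.so.0.2.18
b7d00000-b7d40000 r-xp 00000000 08:01 2004 /usr/lib/libssl.so.0.9.8
b7e00000-b7e01000 rw-p 00000000 00:00 0
"""

# libldap and its thread-safe variant libldap_r count as the same build.
LDAP_RE = re.compile(r"^libldap(?:_r)?(-[\d.]+)?\.so\.(\d+)")
TLS_RE = {"gnutls": re.compile(r"^libgnutls\.so"), "openssl": re.compile(r"^libssl\.so")}

def mapped_libraries(maps_text):
    """Return the base names of all file-backed mappings."""
    libs = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # the path is the sixth field
        if len(fields) == 6 and fields[5].startswith("/"):
            libs.add(os.path.basename(fields[5]))
    return libs

def ldap_tls_report(maps_text):
    """List distinct libldap builds and TLS stacks mapped into one process."""
    libs = mapped_libraries(maps_text)
    builds = set()
    for name in libs:
        m = LDAP_RE.match(name)
        if m:
            builds.add("libldap%s.so.%s" % (m.group(1) or "", m.group(2)))
    tls = sorted(k for k, rx in TLS_RE.items() if any(rx.match(n) for n in libs))
    # More than one libldap build in one address space is the case the
    # upstream quote describes.
    return {"ldap": sorted(builds), "tls": tls, "mixed": len(builds) > 1}

if __name__ == "__main__":
    # With a PID argument, inspect that live process; otherwise the sample.
    text = open("/proc/%s/maps" % sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAPS
    print(ldap_tls_report(text))
```
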



