[Pkg-openldap-devel] OpenLDAP 2.4.7
Russ Allbery
rra at debian.org
Mon Dec 17 22:26:21 UTC 2007
Quanah Gibson-Mount <quanah at zimbra.com> writes:
> Russ Allbery <rra at debian.org> wrote:
>> That sounds reasonable to me. I doubt anyone was particularly excited
>> about porting that code to GnuTLS. Although we should probably also
>> report that as an upstream bug too, just in case anyone has a free
>> moment to care.
> Out of curiousity, upstream with who? I got lost here. :P
As an ITS. If you enable lanman hashes, OpenLDAP doesn't build with
GnuTLS because the code has OpenSSL-specific assumptions. It's not a
high-priority issue, but it's a minor bug.
>> Yes, I definitely think that a NEWS.Debian entry would be in order.
>> Beyond that, hm, if we can detect that people are using slurpd, we
>> should probably try to issue an error via debconf. Quanah, could you
>> comment here on how to detect this and what the reasonable upgrade path
>> would be?
> Well, there are a couple of issues here. One is that slurpd was global,
> where as syncrepl is per database. Since there can be multiple
> databases in a slapd.conf file, one has no idea really how to convert
> such a scenario to use syncrepl. The other is that syncrepl is pull
> driven rather than push driven. I.e., in the past, slurpd would just
> write to the slave using some set of credentials. There's no guarantee
> that that same set of credentials supplied in reverse would work (i.e.,
> have the read permissions necessary on the master). So I think the only
> real way to handle this is to force users to manual upgrade their
> slapd.conf if they used slurpd.
Okay, it sounds like a debconf error telling people they have to fix this
manually combined with a NEWS.Debian entry is probably the right approach.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-openldap-devel
mailing list