[Pkg-openldap-devel] OpenLDAP packaging going forward

[Russ Allbery]

Steve Langasek <vorlon at debian.org> writes:

> Hi Russ,

> Thanks for all your work on getting openldap 2.3.35 ready.  Nice to see
> the number of patches we're carrying go down!

Welcome!  I'm hoping to find time soon to finish 2.3.37 packages as well
with various other pending fixes, but we'll see.  I haven't done that well
recently in finding time to do things I really want to do, and Policy
takes a higher priority.

> It's now possible to drop the -lpthread patch, because Debian gcc has
> been fixed on mips now to do the sensible thing with -pthread when
> building shared libs.  So I figured this would be a good time to circle
> around and see what else we might be able to knock off the list.

Excellent.

>> ntlm-ldap_h-hack
>> ntlm_c

>>     Upstream dropped this code long ago.  Can we just do the same thing?
>>     I don't think it makes a lot of sense for Debian to try to maintain it
>>     separately.

> Which code is it that upstream dropped?  The only mention of this code
> in the changelog says that it originates with ximian-connector.

Yeah, but if you look at the files, they have OpenLDAP project CVS
markers.  However, when I checked with upstream, they said that code
hadn't existed in their code base for quite a while.

The next step is probably to check on ximian-connector and see if that use
case is still relevant.  It looks like this patch actually adds symbols to
the library, which is kind of scary.

>> libldap-makefile_in

>>     Part of this is the NTLM stuff.  The rest is linking the libraries
>>     with the pthread library, which should be fed upstream.

> Yes, agreed.

I think I filed an ITS about this that got a response, but I'm not sure
what happened to it after that and it will require some additional
investigation.

>> index-files-created-as-root

>>     This is Debian-specific in its current form, since it always warns if
>>     slapindex is running as root.  Ideally, this would figure out if slapd
>>     is running as a non-root user and then only warn if that's the case
>>     and slapindex is running as a different user.  For right now, we
>>     should carry this patch as-is but suggest upstream the better fix.

> Right... someone have time to work on this? :)

I don't.  :/

>> read-config-before-dropping-privileges

>>     I'm not sure the history of this patch, but my guess is that the
>>     config file may contain private information and this makes the
>>     permissions easier to handle?  The changelog is not informative.
>>     Should be fed upstream if it's really useful.

> Yes, the config file can contain, e.g., passwords to use when
> replicating via slurpd.  I think this was discussed on the list at one
> point; evidently not in the BTS, since there's no bug number in the
> changelog.

> I think this should be fed upstream, yes.

I'd be happy for someone else to do this, or otherwise I can at some
point.

>> sasl-default-path

>>     Should be fed upstream, as this looks generally useful.

> Also agreed.

Same here.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>