[Pkg-openldap-devel] Bug#628237: OpenLDAP vs. SASL - what happened

Ralph Rößner roessner at capcom.de
Thu Jul 14 17:45:55 UTC 2011


Hi,

having followed this discussion I have the impression that what blocks the
release of a recompiled, working OpenLDAP package into testing is the fact
that no one has advanced an explanation of what actually happened. Is that
right?

If so then allow me to try:

Cyrus SASL upstream made an incompatible change to the auxprop plugin ABI
between releases 2.1.23 and 2.1.24: The auxprop_lookup() function is now
required to return a success/fail indicator where it returned nothing
(void) before. This change went hand in hand with raising the auxprop
plugin API version from 4 to 8 and introducing an actual version check.

OpenLDAP upstream source is #ifdef'd to deal with either SASL version,
which is why recompiling against the current libsasl2-2 package works. See
slap_auxprop_lookup() in servers/slapd/sasl.c:261 ff.

Now you could argue that Cyrus upstream should not do that, i.e. breaking
the plugin ABI for a "step" release but that argument is two years late
(which is how long the .24 has been around).

It should be noted that this issue only affects server implementors who
provide their own auxprop plugin to enable authentication against their
internal password store instead of relying on either saslauthd/LDAP or
sasldb files. Hence the impact of this issue (apart from OpenLDAP)
"should" be minimal.

I hope this helps some way along the road to getting the openldap package
back into working order. I'll be happy to answer any questions if I can.

Regards,
Ralph Rößner

-- 
Ralph Rößner
CAPCom AG < http://www.capcom.de >
Lise - Meitner - Straße 10, 64293 Darmstadt, Deutschland
Phone +49 6151 155 910, Fax +49 6151 155 909
Mobile: +49 170 2212 411

Executive Board: Luc Neumann (Chairman)
Chairman of the Supervisory Board: Herbert Kuhlmann
Registered office: Darmstadt, Court of registration: Darmstadt HRB 8090
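
Added example, not part of the original message and not Cyrus SASL or OpenLDAP source: a constructed C model of the situation described above, where a lookup callback changes from returning void to returning a status, the plugin source is #ifdef'd for both ABIs, and the host checks the plugin's version before calling it. All identifiers are hypothetical, and the "plugin version < host version" comparison is an assumption of this model.

```c
/* Constructed model of a versioned plugin ABI. Not Cyrus SASL or OpenLDAP
 * code; every identifier below is hypothetical. */
#include <stddef.h>
#include <string.h>

#define HOST_PLUG_VERSION 8      /* ABI the host expects (4 -> 8 on the page) */
#ifndef PLUG_BUILD_VERSION
#define PLUG_BUILD_VERSION 8     /* ABI of the headers the plugin was built with */
#endif

enum { LOOKUP_OK = 0, LOOKUP_NOUSER = 1, LOAD_BADVERS = -1 };

typedef void (*generic_fn)(void);                 /* untyped slot in the descriptor */
typedef int (*lookup_fn)(const char *user, const char **secret);

struct plug_desc { int version; generic_fn lookup; };

/* Plugin side: one source, two ABIs, selected at compile time. */
#if PLUG_BUILD_VERSION > 4
static int
#else
static void
#endif
demo_lookup(const char *user, const char **secret)
{
    *secret = strcmp(user, "alice") == 0 ? "constructed-secret" : NULL;
#if PLUG_BUILD_VERSION > 4
    return *secret ? LOOKUP_OK : LOOKUP_NOUSER;   /* new ABI reports status */
#endif
}

static const struct plug_desc demo_plugin = { PLUG_BUILD_VERSION, (generic_fn)demo_lookup };

/* Host side: refuse a descriptor built for an older ABI before calling it.
 * Without this check the host would read a return value the old plugin
 * never set. (Assumption: the check is "plugin version < host version".) */
static int host_lookup(const struct plug_desc *p, const char *user, const char **secret)
{
    *secret = NULL;
    if (p->version < HOST_PLUG_VERSION)
        return LOAD_BADVERS;
    return ((lookup_fn)p->lookup)(user, secret);
}

int main(void)
{
    const char *s;
    return host_lookup(&demo_plugin, "alice", &s) == LOOKUP_OK ? 0 : 1;
}
```

Compiling with -DPLUG_BUILD_VERSION=4 builds the old void-returning variant of the callback, which the host in this model then rejects with LOAD_BADVERS instead of calling it.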




