Bug#1128375: slapd upgrade to trixie breaks due to incompatible cipher names
Ryan Tandy
ryan at nardis.ca
Fri Feb 20 18:08:22 GMT 2026
Hi Praveen,
On Fri, Feb 20, 2026 at 07:59:28PM +0530, Pirate Praveen wrote:
>I think we still need to document how to actually do the migration if
>someone has set a value for olcTLSCipherSuites.
>
>My draft for this document (I think this should be included in trixie
>in a stable update and referenced in release notes:
The text I originally submitted for the release notes specifically
called out the cipher suite option, however the editors removed it since
it duplicated the same info from debian/NEWS.
https://salsa.debian.org/openldap-team/openldap/-/raw/2.6.10+dfsg-1/debian/NEWS
slapd's README.Debian has a section (at the bottom) about the 2.6
upgrade, and steps for recovering after the upgrade, when the service
won't start:
https://salsa.debian.org/openldap-team/openldap/-/raw/2.6.10+dfsg-1/debian/slapd.README.Debian
You're right that I could have done better by providing steps to avoid
breaking the service in the first place.
>You might want to remove
>/etc/systemd/system/slapd.service.d/override.conf as runtime
>directories are now handled correctly in the systemd service file.
I don't know what this file is. The slapd package has never installed or
created it. Something local on your end?
More information about the Pkg-openldap-devel
mailing list