[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: heimdal and ldap

Brian May <bam@snoopy.debian.net> writes:

> I have a bug in heimdal-kdc:

> http://bugs.debian.org/385809

> That is caused because Heimdal is linked against an old version of
> libldap, and the new version changes the location of the socket
> path. However as far as I can tell, it is not possible to link against
> the latest version of libldap because no -dev package exists yet.

Correct.  This is because the new version of OpenLDAP cannot be linked
against GnuTLS (our local patch is already problematic in 2.1 and broke in
later versions), so it can only build with OpenSSL, and we can't release
general libraries for other Debian packages to build against with only
OpenSSL because of licensing issues with GPL-covered applications that use
OpenLDAP.

So to make the best of a bad situation, etch is going to ship with 2.3
servers (using the 2.3 libraries but without library dev packages) and 2.1
general libraries.  No one wants this situation, but this is what we had
resources to do.

A couple of organizations are sponsoring work doing a full OpenLDAP port
to GnuTLS and adding the necessary code to both to make it work properly
and not bit-rot again, so the hope is for lenny that this will be
resolved.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: