[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

OpenLDAP 2.1 packages in experimental

Preliminary packages for OpenLDAP 2.1 have just been uploaded to


When using them, be sure to consider these restrictions:

 * No upgrade path from previous versions of slapd is currently
   supported and upgrades _are_ likely to break. This is due to the
   fact that OpenLDAP 2.1 is stricter about many things than OpenLDAP
   2.0 was.
   Unfortunately, the Debconf scripts of previous versions created
   a non-conformant set-up that was accepted by OpenLDAP 2.0, but isn't
   by OpenLDAP 2.1. Namely, when setting up the directory with
   a dcObject as base (that is dc=foo,dc=bar,dc=...) no structual
   objectClass was included (dcObject is not structural). In order to
   fix your directory, add the organization objectClass to your base
   dn (this will require you to set o to something). You can do this by
   running something like the following command _before_ upgrading:

   $ ldapmodify -x -h localhost -b <your base dn> -D <some admin dn> -W
   dn: <your base dn>
   changetype: modify
   replace: objectClass
   objectClass: organization
   objectClass: dcObject
   add: o
   o: <name of your organization>
 * The Debconf scripts are being completely rewritten. Currently, only
   the absolute minimum is implemented to set a up a directory with a
 * Backend modules are now compiled as shared modules. Some backends
   such as back_sql will eventually be split off into their own
   packages. At this point of time, you need to specify the modules
   to load in slapd.conf like this:

   modulepath      /usr/lib/ldap
   moduleload      back_bdb.la

 * TLS support is know included in the libldap2 packages and
   libldap2-tls for that reason dropped. Once OpenLDAP 2.1 enters
   unstable, either the the priority of libssl needs to be increased
   or exim needs to load LDAP support dynamically.

 * The packages are built against libsasl2 (instead of libsasl1).

If you are aware of solutions for any of the above issues, we'd be
interested in hearing them. Let us know at debian-openldap@snowman.net.
Here is the changelog for your information:

openldap2.1 (2.1.12-1) experimental; urgency=low

  * Initial release of OpenLDAP 2.1 packages. Closes: #167566, #178014.
    - this includes support for the >= and <= operators. Closes: #159078.

  * Torsten Landschoff <torsten@debian.org>
    - debian/check_config: Added script to check if OpenLDAP was configured
      the way we want it.
    - Don't build special TLS packages anymore - SSL is enabled in the
      stock ldap library. Everything else will just give me more headaches.
    - Build against libsasl2 instead of libsasl1. Closes: #176462.
    - debian/control:
      - Build-depend on debhelper 4.0 as debian/rules uses DH_COMPAT=4.
      - Depend on coreutils | fileutils. Closes: #175704.
      - Make libldap2 conflict with libldap2-tls which is obsolete now.
    - debian/rules: Move the long list of configure options to a new
      file debian/configure.options and read $(CONFIG) from that file.
    - configure with --enable-aci. Closes: #101602.
    - debian/slapd.init: Rewrite and add comments.
      - Add support for running as non-root (closes: #111765, #157037).
    - servers/slapd/main.c (main): Remove pid file on exit (closes: #162284).
    - servers/slurpd/slurp.h: Change the default spool directory to
      /var/spool/slurpd (avoids passing it via -t in init.d).
    - servers/{slapd,slurpd}/Makefile.in: Install binaries into sbindir
      instead of libexecdir.
    - debian/control: Add Stephen Frost to the Uploaders field. Thanks
      for your help, Stephen!
    - contrib/ldapc++/config.{guess,sub}: Replaced with current files from
      autotools-dev (lintian). Not actually neccessary since this part of
      the package is not currently built but I think this is the best way
      to shut up lintian :)
    - build/mod.mk: Use -m 644 instead of -m 755 in installing shared
      libraries. Shared libraries should not be marked as executable
    - debian/libldap2.conffiles: Remove, since we are using version 4
      of debhelper which tags everything in /etc as conffile by default.
    - debian/rules: Change the mode of everything upstream installed into
      /etc to 0644 as required by policy (lintian).
    - debian/rules: Call dh_installdeb later in the binary target so that
      the conffiles are already there for listing. Without this nothing in
      /etc gets tagged as conffile... (lintian).
    - debian/rules: Pass the start and stop priority of slapd to
      dh_installinit in preparation for a postinst supported by debhelper.
    - debian/rules: Call dh_installdirs again.
    - Rewrite slapd.config, slapd.postinst, slapd.templates - a first try
      in getting slapd to configure itself. Way to go.

  * Roland Bauerschmidt <rb@debian.org>
    - debian/control:
      - build-depend on libdb4.1-dev instead of libdb4.0-dev
      - conflict, replace, and provide libldap2-tls (libldap2)
      - removed ldap-gateways binary package
      - drop suggestion to obsolete openldap-guide. Closes: #171894.
    - debian/rules:
      - build with BDB backend
      - run dh_installdeb
      - only run dh_makeshlibs for libldap2
    - debian/slapd.dirs: added to create /var/lib/ldap and /var/spool/slurpd
    - debian/slapd.postinst:
      - properly remove temporary files on errors. Closes: #160412.
      - install init.d link if slapd.conf already exists. Closes: #159542.
      - run db_stop even if package isn't configured for the first time. This
        prevents hanging during upgrades.
    - added debian/slapd.default and use it from debian/slapd.init.
      Closes: #160964.
    - added debian/slapd.README.Debian
    - added versioned dependency on coreutils to make lintian quiet.
    - added debian/slapd.postrm
      - remove slapd.conf when package is purged
      - remove /var/lib/ldap when slapd/purge_database is true
      - remove /etc/ldap/schema if empty
    - debian/templates: added slapd/purge_database template
    - build/top.mk: link against libcrypt before other SECURITY_LIBS

  * Stephen Frost <sfrost@debian.org>
    - debian/control: added libltdl2-dev and libslp-dev to the build-depends
    - Correct typo for back-sql init routine; already in OpenLDAP upstream
    - Correct free of SASL interact results; already in OpenLDAP upstream CVS
    - Duplicate the DN from SASL to ensure '\0' termination; already in
      OpenLDAP upstream CVS
    - debian/control: added Replaces: slapd (<< 2.1) for ldap-utils due to
      ldif.5 move.
    - Add modulepath /usr/lib/ldap to default slapd config
    - Add moduleload back_bdb to default slapd config
    - Changed libexecdir to ${prefix}/lib
    - Add usr/lib/ldap to slapd portion of move_files
    - Modified backend types to be built as modules for dynamic loading
    - Fixed pt_BR translation

 -- Roland Bauerschmidt <rb@debian.org>  Sat, 15 Mar 2003 21:35:24 +0100

Have fun, the Debian OpenLDAP maintainers
   (Torsten Landschoff, Stephen Frost, and me)

Roland Bauerschmidt

Reply to: