For this post-LTS cycle I wanted to clean up our openldap packaging and get more in line with Debian’s. We have some very old delta that was added circa 2009 due to likewise-open (as far as I could dig up), and that we shouldn’t carry anymore.
To that end, I started this merge proposal, but was quickly reminded by Ryan Tandy (Debian’s openldap maintainer) that in order to drop these two pieces of delta:
- gssapi patch (introduced via https://code.launchpad.net/bugs/495418)
- connection-less ldap (ldap over udp)
I would have to change the soname of the library, because dropping the changes above means removing symbols from the library and thus breaking backwards compatibility with anything that might be using them.
I believe back then when this was introduced, likewise-open didn’t support sasl gssapi, just plain gssapi. About “connection-less ldap”, as far as I can tell, that was last needed to do ldap suffix discovery with Windows 2000 servers.
Not being able to drop these is unfortunate, as at least the gssapi patch is kind of wrong to be carried (sasl gssapi should be used instead), but, as they say, we are between a rock and a hard place.
It looks like the best moment to drop those is when openldap 2.5 comes out, as that will (likely) have a soname bump, and we can then remove this delta and do a proper transition. But it’s unclear when that release will happen.
Another change I wanted to drop is the nss overlay. Debian doesn’t build it, I don’t think we need another nss library/system, and distributions seem to be standardizing on sssd. We don’t even have any other nss module in Ubuntu main, just sssd: the rest is in universe.
If you are one of the users of this nss overlay in openldap, I would like to hear from you.
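The soname constraint described above can be checked mechanically by comparing the exported-symbol lists of two builds. The following is an added example, not code from the original post or from the openldap packaging: it parses two dpkg-gensymbols style symbols files and flags symbols removed under an unchanged soname. The library name and every symbol name in the sample data are constructed placeholders.

```python
# Added illustration: compare two dpkg-gensymbols style symbols files and
# report whether the new build removes exported symbols (an ABI break).
# The library and symbol names in the sample data are constructed placeholders.

OLD_SYMBOLS = """\
libexample.so.2 libexample2 #MINVER#
 example_bind@Base 2.4.7
 example_gssapi_bind@Base 2.4.18
 example_udp_open@Base 2.4.18
 example_search@Base 2.4.7
"""

NEW_SYMBOLS = """\
libexample.so.2 libexample2 #MINVER#
 example_bind@Base 2.4.7
 example_search@Base 2.4.7
 example_new_call@Base 2.4.50
"""


def parse_symbols(text):
    """Return (soname, {symbol: min_version}) from a symbols file."""
    soname, symbols = None, {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "*", "|")):
            continue  # blank line, comment, metadata field, alternative dep
        if not line.startswith(" "):
            soname = line.split()[0]  # header: "<soname> <package> <minver>"
            continue
        name, version = line.split()[:2]  # symbol line: " name@Ver minver"
        symbols[name] = version
    return soname, symbols


def abi_report(old_text, new_text):
    """Diff two symbols files and decide whether a soname bump is required."""
    old_soname, old = parse_symbols(old_text)
    new_soname, new = parse_symbols(new_text)
    removed = sorted(set(old) - set(new))
    added = sorted(set(new) - set(old))
    # Removing symbols while keeping the same soname breaks existing binaries.
    needs_bump = bool(removed) and old_soname == new_soname
    return {"removed": removed, "added": added, "needs_soname_bump": needs_bump}


if __name__ == "__main__":
    print(abi_report(OLD_SYMBOLS, NEW_SYMBOLS))
```

Adding symbols alone does not trigger the flag; only a removal under the same soname does.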