
Re: GNU TLS, Slapd 2.1.30-3 on Debian Sarge

* T Leconte (tinchole@satlink.com) wrote:
> Reading some docs noticed gnutls doesn't work for debian distributions, and 
> says as a temp solution to compile openldap with OpenSSL eliminating 
> debian's patches to support gnu tls.

Err..  GNUTLS did work with the 2.1.30 stuff, though perhaps not as well
as we would have liked.

> Is this correct? Should I recompile my openldap and use stable 2.2.* 
> instead of 2.1.30-3?

Debian unstable already has the 2.2 packages and we expect them to be
migrated into sarge (if they haven't already been).  Note that
Debian/sarge will have 2.2 for ldaputils and slapd, but libldap2 will be
from 2.1.30 (with GNUTLS).  This is because the OpenSSL license does not
interact well with the GPL and therefore we can't allow a situation
where a GPL application ends up depending upon OpenSSL (even indirectly,
as through libldap2).

The GNUTLS patch really needs to be updated (or rewritten, or
what-have-you) for OpenLDAP 2.2 and included upstream.  Permission has
been granted by the original GNUTLS patch author (Steve Langasek) to
redistribute his patch under the OpenLDAP license but it doesn't apply
cleanly to OpenLDAP 2.2 and needs some work anyway to get it to support
everything the OpenSSL stuff does.  There was some work being done in
this area by one of the other OpenLDAP maintainers but I think that was
postponed in favor of the mixed solution above till after sarge is

If anyone else is working on GNUTLS support for OpenLDAP 2.2, please let
us know since we may be able to work together to speed up the process.


