* T Leconte (tinchole@satlink.com) wrote:
> Reading some docs noticed gnutls doesn't work for debian distributions, and
> says as a temp solution to compile openldap with OpenSSL eliminating
> debian's patches to support gnu tls.

Err.. GNUTLS did work with the 2.1.30 stuff, though perhaps not as well as we would have liked.

> Is this correct? Should I recompile my openldap and use stable 2.2.*
> instead 2.1.30-3 ?

Debian unstable already has the 2.2 packages and we expect them to be migrated into sarge (if they haven't already been). Note that Debian/sarge will have 2.2 for ldaputils and slapd, but libldap2 will be from 2.1.30 (with GNUTLS). This is because the OpenSSL license does not interact well with the GPL and therefore we can't allow a situation where a GPL application ends up depending upon OpenSSL (even indirectly, as through libldap2).

The GNUTLS patch really needs to be updated (or rewritten, or what-have-you) for OpenLDAP 2.2 and included upstream. Permission has been granted by the original GNUTLS patch author (Steve Langasek) to redistribute his patch under the OpenLDAP license but it doesn't apply cleanly to OpenLDAP 2.2 and needs some work anyway to get it to support everything the OpenSSL stuff does. There was some work being done in this area by one of the other OpenLDAP maintainers but I think that was postponed in favor of the mixed solution above till after sarge is released.

If anyone else is working on GNUTLS support for OpenLDAP 2.2, please let us know since we may be able to work together to speed up the process.

Thanks,

Stephen