Package: evolution-data-server Severity: normal Hello folks,
With the release of OpenLDAP 2.4.7, we're redoing the OpenLDAP packaging for Debian and trying to reduce our divergence from upstream as much as possible. We have for some years been carrying a patch to OpenLDAP that was apparently never submitted upstream that originated with Evolution (originally Ximian). It adds an ldap_ntlm_bind function and another supporting function and apparently serves as a low-level hook used by NTLM code in evolution-data-server. The README in the Fedora RPM for openldap says: | In order to authenticate to older servers, an LDAP client must perform | an ntlm_bind operation instead of a simple or SASL bind. The ntlm_bind | is not the same thing as performing SASL authentication using NTLM as | the mechanism, which wouldn't require any patching. Newer servers | properly support DIGEST-MD5, so this requirement only applies to clients | which want to authenticate to older servers, and this requirement will | hopefully go away at some point. Since no one has ever submitted this patch or anything about NTLM support to the OpenLDAP upstream maintainers, they've not looked at incorporating it, and at this point adding another non-standardized authentication mechanism that's apparently obsolete isn't looking particularly attractive. We'd like to just drop this patch from the Debian OpenLDAP package. It looks like that means that evolution-data-server would have to fall back on simple binds for old Exchange systems that didn't support DIGEST-MD5. Do you have any feel for how much of a problem this would be? Do you think this support is actually being used? Any information would be greatly appreciated. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
