On Thu, May 05, 2005 at 10:15:39AM -0400, Stephen Frost wrote: > * Frank Lichtenheld ([EMAIL PROTECTED]) wrote: > > On Mon, Apr 25, 2005 at 10:00:33AM -0400, Stephen Frost wrote: > > > Just following up for those playing along at home. libnss-ldap and > > > libpam-ldap need to be linked against the same ldap (either 'ldap' or > > > 'ldap_r'). I thought I had done this for both, but apparently not. > > > Linking against ldap_r fixed an issue in nss-ldap previously, so my > > > intent is to change libpam-ldap to also link against ldap_r (like > > > libnss-ldap). I hope to upload a fixed package this evening.
> > Ignore my previous mail, I confused the upload date. > > What has happened to that upload? Did you just have no time or is there > > a problem with it that needs to be fixed? > It got a bit more complicated. Basically, libldap2 is bad for shipping > two different libraries in one package. NSS sucks because when using > libnss-ldap and an LDAP-using application it's possible both of these > (conflicting) libraries can end up being loaded into memory. The end > solution as discussed with Steve Langasek (our illustrious RM) is to: > a) recompile libpam-ldap against ldap_r and upload (will happen soon) > b) rebuild libldap2, remove 'libldap' and replace it with a symlink to > 'libldap_r', which has the same ABI. Strictly speaking, a) is unnecessary, because you get it for free when doing b) > Thus, there will be only one LDAP library left on the system which > everything will link against, hopefully avoiding the situation where two > different LDAP libraries are loaded into memory. Unfortunately, we still have libldap-2.2-7 from openldap2.2; since slapd makes a number of NSS calls, we have to deal with two versions of libldap being loaded into memory on a system running slapd and using nss_ldap. I think we need to add symbol versioning to libldap-2.2-7 to avoid this. I'm not sure yet if we would need to add symbol versioning to libldap2 as well (I hope not). -- Steve Langasek postmodern programmer
signature.asc
Description: Digital signature
