| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| ldapi-socket-place | Move the ldapi socket to /var/run/slapd from /var/run, since /var/run is only writable by root and slapd runs as openldap. Debian-specific. |
no | ||||
| evolution-ntlm | Patch from evolution-exchange (2.10.3). The ldap_ntlm_bind function is actually called by evolution-data-server, checked at version 1.12.2. Without this patch, the Exchange addressbook integration uses simple binds with cleartext passwords. Russ checked with openldap-software for upstream's opinion on this patch on 2007-12-21. Upstream had never received it as a patch submission and given that it's apparently only for older Exchange servers that can't do SASL and DIGEST-MD5, it's not very appealing. Bug#457374 filed against evolution-data-server asking if this support is still required on 2007-12-21. |
no | ||||
| debian-version | Replace upstream version with Debian version in version strings | Ryan Tandy <ryan@nardis.ca> | not-needed | |||
| man-slapd | Patch the slapd man page to not refer to a header file that isn't installed with the slapd package and to reference the correct path for slapd. Debian-specific. |
no | ||||
| slapi-errorlog-file | The slapi error log file defaults to /var/errors given our setting of --localstatedir. Move it to /var/log/slapi-errors instead. Debian-specific. |
no | ||||
| wrong-database-location | Move the default slapd database location to /var/lib/ldap instead of /var/openldap-data. Debian-specific. |
no | ||||
| index-files-created-as-root | Document in the man page that slapindex should be run as the same user as slapd, and print a warning if it's run as root (since Debian defaults to running slapd as openldap). Not suitable for upstream in this form. This patch needs to be reworked to check the BerkeleyDB database ownership and only warn if running as root with a database that's not owned by root. Upstream ITS #5356 filed requesting better handling of this. Current upstream discussion leans towards putting the check into the database backend and aborting if slapd is run as a different user than the database owner, which is an even better fix. |
no | ||||
| sasl-default-path | Add /etc/ldap/sasl2 to the SASL configuration search path. Not submitted upstream. Somewhat Debian-specific and probably not of interest upstream. |
no | ||||
| libldap-symbol-versions | Add symbol versioning to the public LDAP libraries. This is required for library transitions, such as the current transition from 2.1 to 2.4, since programs will sometimes have both libraries loaded by different dependency chains during the transition. Not yet contributed upstream. Upstream ITS #5365 filed requesting symbol versioning for libldap and libber. |
no | ||||
| getaddrinfo-is-threadsafe | OpenLDAP upstream conservatively assumes that certain resolver functions (getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we know that the glibc implementations of these functions are thread-safe, so we should bypass the use of this mutex. This fixes a locking problem when an application uses libldap and libnss-ldap is also used for hosts resolution. Closes Debian bug #340601. Not suitable for forwarding upstream; might be made suitable by adding a configure-time check for glibc and disabling the mutex only on known thread-safe implementations. |
Steve Langasek <vorlon@debian.org> | no | |||
| do-not-second-guess-sonames | Rip out code that second-guesses the libsasl soname / Debian shlibs. If cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream there, not kludged around upstream here! Debian bug #546885 Upstream ITS #6302 filed. |
no | ||||
| contrib-makefiles | no | |||||
| smbk5pwd-makefile-manpage | [PATCH] contrib/smbk5pwd: add man page, install it too Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to install the new manual page. This patch is derived from the corresponding patch upstreamed in ITS#8205 |
Peter Marschall <peter@adpm.de> | no | 2015-07-26 | ||
| lastbind-makefile-manpage | no | |||||
| ldap-conf-tls-cacertdir | no | |||||
| add-tlscacert-option-to-ldap-conf | no | |||||
| fix-build-top-mk | no | |||||
| switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff | Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.
Open all modules with RTLD_GLOBAL, needed so that back_perl can load
non-trivial Perl extensions that require symbols from back_perl.so itself. |
Jan-Marek Glogowski <jan-marek.glogowski@muenchen.de> | no | debian | 2010-05-18 | |
| no-bdb-ABI-second-guessing | don't second-guess BDB ABI OpenLDAP upstream conservatively assumes that any change to the version number of libdb can result in an API-breaking change that could impact the database. In Debian, we know that such changes require bumping the library soname and changing the package name, and demand such rigor from our package maintainers even when upstreams don't deliver; so any such check in the source code works against the packaging system by forcing database upgrades when we know none are required. Disable this check so we rely on the packaging system to do its job. |
Steve Langasek <vorlon@debian.org> | not-needed | debian | ||
| ITS6035-olcauthzregex-needs-restart.patch | no | |||||
| set-maintainer-name | no | |||||
| ITS-9086-Add-debug-logging-for-more-GnuTLS-errors.patch | [PATCH] ITS#9086 Add debug logging for more GnuTLS errors | Ryan Tandy <ryan@nardis.ca> | no | 2019-09-22 | ||
| ITS-9454-fix-issuerAndThisUpdateCheck.patch | [PATCH] ITS#9454 fix issuerAndThisUpdateCheck | Howard Chu <hyc@openldap.org> | no | 2021-02-06 | ||
| ITS-9815-slapd-sql-escape-filter-values.patch | [PATCH] ITS#9815 slapd-sql: escape filter values | Howard Chu <hyc@openldap.org> | no | 2022-03-23 |