Debian Patches

Status for openldap/2.5.13+dfsg-5

Patch Description Author Forwarded Bugs Origin Last update
debian-version Replace upstream version with Debian version in version strings
Author: Ryan Tandy
Forwarded: not-needed

man-slapd Patch the slapd man page to not refer to a header file that isn't
installed with the slapd package and to reference the correct path
for slapd.

slapi-errorlog-file The slapi error log file defaults to /var/errors given our setting
of --localstatedir. Move it to /var/log/slapi-errors instead.

ldapi-socket-place Move the ldapi socket to /var/run/slapd from /var/run, since /var/run
is only writable by root and slapd runs as openldap.

wrong-database-location Move the default slapd database location to /var/lib/ldap instead of

index-files-created-as-root Document in the man page that slapindex should be run as the same user
as slapd, and print a warning if it's run as root (since Debian defaults
to running slapd as openldap).

Not suitable for upstream in this form. This patch needs to be reworked
to check the BerkeleyDB database ownership and only warn if running as
root with a database that's not owned by root.

Upstream ITS #5356 filed requesting better handling of this. Current
upstream discussion leans towards putting the check into the database
backend and aborting if slapd is run as a different user than the database
owner, which is an even better fix.

sasl-default-path Add /etc/ldap/sasl2 to the SASL configuration search path.

Not submitted upstream. Somewhat Debian-specific and probably not of
interest upstream.

getaddrinfo-is-threadsafe OpenLDAP upstream conservatively assumes that certain resolver functions
(getaddrinfo, getnameinfo, res_query, dn_expand) are not re-entrant; but we
know that the glibc implementations of these functions are thread-safe, so
we should bypass the use of this mutex. This fixes a locking problem when
an application uses libldap and libnss-ldap is also used for hosts

Closes Debian bug #340601.

Not suitable for forwarding upstream; might be made suitable by adding a
configure-time check for glibc and disabling the mutex only on known
thread-safe implementations.
Author: Steve Langasek
Forwarded: no

do-not-second-guess-sonames Rip out code that second-guesses the libsasl soname / Debian shlibs. If
cyrus sasl upstream is breaking the ABI, this needs to be fixed upstream
there, not kludged around upstream here!

Debian bug #546885

Upstream ITS #6302 filed.

contrib-makefiles (Forwarded: no)
ldap-conf-tls-cacertdir (Forwarded: no)
add-tlscacert-option-to-ldap-conf (Forwarded: no)
fix-build-top-mk (Forwarded: no)

switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.diff Switch to lt_dlopenadvise() so back_perl can be opened with RTLD_GLOBAL.

Open all modules with RTLD_GLOBAL, needed so that back_perl can load
non-trivial Perl extensions that require symbols from itself.
Author: Jan-Marek Glogowski
Forwarded: no
Origin: debian
Last update: 2010-05-18

set-maintainer-name (Forwarded: no)
