Actual Ubuntu Slapd totaly useless for "serious" use

Please add Debian backport bug

Once Utopic syncs with the new Debian version I think the best option is to make a request via the Ubuntu Backports Project (-backports).

Le 05/05/2014 16:06, Peter Matulis a écrit :
> Please add Debian backport bug
>
Sorry, I misspoke. There is no backport in Debian now.
Debian finally switch to 2.4.39 in Sid and Jessie after a maintainer change.
A backport for Ubuntu 14.04 LTS is highly desirable as for Debian stable.

Should I open a Debian bug or request a Debian backport to the Debian
maintainer first ?
I search informations about Debian backports requests, but it seems that
there is no other "official" way than doing the backport myself.

Regards,
Emmanuel.

There's an open request (for a long time) for a backport in Debian: http://bugs.debian.org/685748

A backport should address the question of DB format upgrades when going from release to release. The technique currently used, checking the version of the package being upgraded, will fail if a newer package is backported to an older release (with an older DB library) and then upgraded (because it will already be newer than what the version check looks for). I don't have a good idea for addressing that. (Backporting from Utopic to Trusty is probably safe, as long as they have the same libdb version.)

Backporting openldap in Ubuntu is time-consuming because the procedure calls for every single reverse dependency to be verified. See for example the list in a previous attempt: https://bugs.launchpad.net/bugs/968612

The LTB project provides deb packages of the most recent sources, built according to upstream's recommendations. If you're currently just building and installing unmodified upstream sources, those might save you some time. http://ltb-project.org/

This bug was fixed in the package openldap - 2.4.40+dfsg-1ubuntu1

---------------
openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low

  * Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
    - Enable AppArmor support:
      - d/apparmor-profile: add AppArmor profile
      - d/rules: use dh_apparmor
      - d/control: Build-Depends on dh-apparmor
      - d/slapd.README.Debian: add note about AppArmor
    - Enable GSSAPI support:
      - d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
        - Add --with-gssapi support
        - Make guess_service_principal() more robust when determining
          principal
      - d/configure.options: Configure with --with-gssapi
      - d/control: Added heimdal-dev as a build depend
    - Enable ufw support:
      - d/control: suggest ufw.
      - d/rules: install ufw profile.
      - d/slapd.ufw.profile: add ufw profile.
    - Enable nss overlay:
      - d/{patches/nssov-build,rules}: Apply, build and package the
        nss overlay.
    - d/{rules,slapd.py}: Add apport hook.
    - d/slapd.init.ldif: don't set olcRootDN since it's not defined in
      either the default DIT nor via an Authn mapping.
    - d/slapd.scripts-common:
      - add slapcat_opts to local variables.
      - Remove unused variable new_conf.
      - Fix backup directory naming for multiple reconfiguration.
    - d/{slapd.default,slapd.README.Debian}: use the new configuration style.
    - d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
      in the openldap library, as required by Likewise-Open
    - Show distribution in version:
      - d/control: added lsb-release
      - d/patches/fix-ldap-distribution.patch: show distribution in version
  * Drop patches included upstream:
    - d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
    - d/patches/bdb-deadlock.patch
    - d/patches/its-7354-fix-delta-sync-mmr.diff
  * Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
  * debian/patches/nssov-build: Adjust for upstream changes.
  * debian/apparmor-profile:
    - Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
      kernel ABI v7 (utopic and later). (LP: #1392018)
    - Reduce permissions on /run/nslcd to just the nslcd socket.
  * Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
    (LP: #1293250)

openldap (2.4.40+dfsg-1) unstable; urgency=medium

  * Remove inetorgperson.schema from the upstream source. Replace it with a
    copy stripped of RFC text. (Closes: #780283)
  * Adjust debian/watch for +dfsg versioning.
  * debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
    patch to fix scope=onelevel searches wrongly including the search base in
    results under the MDB backend. (ITS#7975) (Closes: #782212)

openldap (2.4.40-4) unstable; urgency=medium

  * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
    patch to fix a crash when a search includes the Deref control with an
    empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
  * debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
    patch to fix a double free triggered by...