+++ This bug was initially created as a clone of Bug #1122486 +++
Please rebase python-ldap to version 2.4.15, we need bugfixes.
Please note that DNSSEC feature in FreeIPA also needs new functionality proposed in https://github.com/spacekpe/python-ldap/commit/8b4f935a97759c692637fb9a81e7d353ace27f53 . The rebase should include equivalent commit from upstream repo (if it gets merged).
Rebased to 2.4.15 and added the patch in comment #2.
In addition to SanityOnly QA, Petr should verify the patch works correctly.
thank you for the rebase.
I have to inform you that patch from comment #2 was not accepted upstream (actually upstream didn't communicate with me despite my repeated attempts to reach them).
Is it okay to provide the non-upstream API in this RHEL package? Of course, the other option is to guerilla-patch the library from my application which is also not nice.
BTW do you maintain the package in Fedora too? It could use rebase as well...
The Fedora package is maintained by Jeroen van Meeuwen. I'm stuck with it in RHEL only for historical reasons.
My own preference is not to deviate from upstream - especially in matters of API additions - because we'll be stuck with it for the life of RHEL 7 and there's a risk in future rebases of upstream adding an identically-named but incompatible API.
I suggest the guerilla-patching option. If you can make that work I'll back out the patch.
I will investigate it and let you know as soon as possible. Thank you for your time!
Upstream may review the patch in next two weeks. Would it be okay to postpone this discussion till then?
Upstream accepted the API: https://mail.python.org/pipermail/python-ldap/2014q3/003424.html
Discussion about internal implementation details is ongoing but it should not change the API in any way so IMHO the patch can stay here as-is for now.
Upstream accepted latest patch: https://mail.python.org/pipermail/python-ldap/2014q3/003430.html
Feel free to use it downstrem instead the original patch if you want.
It is necessary to squash the new patch with the previous one (https://mail.python.org/pipermail/python-ldap/2014q3/003384.html) otherwise you will not be able to apply it on top of latest released version.
Okay thanks Petr. I merged the two patches in the SRPM, although you might want to double check I did it right.
Rebuilt as python-ldap-2.4.15-2.el7
I confirm that your final patch python-ldap-2.4.15-syncrepl-refreshdone.patch makes the same changes in Lib/ldap/syncrepl.py as two upstream commits mentioned in comment #10.
Thank you very much!
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.