The openldap version we ship in RHEL 5 (openldap-2.3.27) is really ancient; we should rebase it to the recent openldap-2.3.42, which is maybe the last release in the 2.3.x branch (maintenance branch; real development happens in HEAD and 2.4.x). There is no API/ABI breaker, no soname bump. See the attached changelog for a detailed description of what has changed (really a lot of bugfixes, some of them critical).
Created attachment 311560: the changelog
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Note that openldap is already an approved component and there are 9 outstanding bugfixes that we would otherwise have to backport.
I created a preview of the rebased openldap at http://people.redhat.com/jsafrane/bugs/454994/. Note that the package does not contain all fixes scheduled for RHEL 5.3. It should contain all bugfixes for RHEL 5.2 and it should not introduce any regression.
In the meantime upstream released ver. 2.3.43, fixing five additional bugs, two of them serious, so we should rebase to it.
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The OpenLDAP package has been rebased to the latest available bugfix release. In addition, we now distribute additional overlays for OpenLDAP server. All except 'syncprov' overlay can be found in separate openldap-servers-overlays package, compiled as dynamically loadable modules. 'Syncprov' overlay is statically linked to OpenLDAP server to keep compatibility with our older OpenLDAP releases. No other new features have been added with this release.
Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,5 +1,10 @@ -The OpenLDAP package has been rebased to the latest available bugfix release. +OpenLDAP has been re-based to upstream version 2.3.43. This applies several upstream bug fixes, including: -In addition, we now distribute additional overlays for OpenLDAP server. All except 'syncprov' overlay can be found in separate openldap-servers-overlays package, compiled as dynamically loadable modules. 'Syncprov' overlay is statically linked to OpenLDAP server to keep compatibility with our older OpenLDAP releases. +* The init script now reports a warning if the slapd daemon cannot read a TLS certificate file. -No other new features have been added with this release.+* All libraries in openldap-debuginfo package are now unstripped. + +* Uninstalling the openldap-devel package no longer breaks openldap libraries. + + +Red Hat now distributes additional overlays for OpenLDAP server. Except for syncprov, all overlays can be found in separate openldap-servers-overlays packages, compiled as dynamically loadable modules. The syncprov overlay is statically linked to the OpenLDAP server to maintain compatibility with older OpenLDAP releases.
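Review bot: the last added paragraph says the overlays ship in "separate openldap-servers-overlays packages" (plural), while the line it replaces named a single "openldap-servers-overlays package"; keep the singular unless more than one package is actually delivered. The revision also deletes "No other new features have been added with this release." without a replacement, so the note no longer states that the rebase is limited to bug fixes plus the added overlays; consider keeping that sentence at the end. The three bullets are introduced as "upstream bug fixes", but they describe the init script, the openldap-debuginfo package and the openldap-devel package, so it is worth confirming that the "upstream" wording is what is meant there.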
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0090.html