> PAM should be using nss-pam-ldapd, not calling libldap directly. This > is an architectural flaw in both GnuTLS and PAM, not an OpenLDAP bug. > This ITS is invalid.
It's called _lib_ldap after all, so are other projects linking against / dlopen()ing libldap doing the wrong thing? Messing with other libraries global state and not undoing it on cleanup isn't exactly what a well-behaved library should do. The gnutls documentation explicitly mentions not to call gnutls_global_set_mutex from libraries: > Do not call this function from a library, or preferably from any > application unless really needed to.
