This bug was fixed in the package openldap - 2.4.56+dfsg-1ubuntu1 --------------- openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable GSSAPI support (first added in 2.4.18-0ubuntu2): + d/patches/gssapi.diff, thanks to Jerry Carter (Likewise): - Add --with-gssapi support - Make guess_service_principal() more robust when determining principal + d/configure.options: Configure with --with-gssapi + d/control: Added heimdal-dev as a build depend + d/rules: - Explicitly add -I/usr/include/heimdal to CFLAGS. - Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS. + d/libldap-2.4-2.symbols: add symbols for GSSAPI support This should be dropped when the soname changes. - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw profile. - Enable nss overlay: + d/rules: - add nssov to CONTRIB_MODULES - add sysconfdir to CONTRIB_MAKEVARS + d/slapd.install: install nssov overlay + d/slapd.manpages: install slapo-nssov(5) man page + d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding Debian bug #919136, we also have to patch the nssov makefile accordingly and thus update this patch. - d/{rules,slapd.py}: Add apport hook. - Add support for CLDAP (UDP) support, back then required by likewise-open (first enabled in 2.4.17-1ubuntu2): + d/rules: Enable -DLDAP_CONNECTIONLESS + d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP) This should be dropped when the soname changes. - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of test timing issue. - d/rules: better regexp to match the Maintainer tag in d/control, needed in the Ubuntu case because of XSBC-Original-Maintainer (Closes #960448, LP #1875697) * d/apparmor-profile: use abstractions/ssl_keys instead of manual rules, allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748) -- Paride Legovini <paride.legov...@canonical.com> Mon, 04 Jan 2021 16:18:57 +0100 ** Changed in: openldap (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1909748 Title: Apparmor profile improvements for letsencrypt Status in openldap package in Ubuntu: Fix Released Bug description: I can see that the slapd apparmor profile goes 90% of the way to working out of the box with letsencrypt/certbot, but fails to include abstractions/ssl_keys. The attached patch should work support all the methods in these abstractions, and should be the default with the slapd package. Please can you look at including this in future? Many thanks, Paul. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1909748/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp