This bug was fixed in the package openldap - 2.4.56+dfsg-1ubuntu1
---------------
openldap (2.4.56+dfsg-1ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support (first added in 2.4.18-0ubuntu2):
+ d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
+ d/configure.options: Configure with --with-gssapi
+ d/control: Added heimdal-dev as a build depend
+ d/rules:
- Explicitly add -I/usr/include/heimdal to CFLAGS.
- Explicitly add -I/usr/lib/<multiarch>/heimdal to LDFLAGS.
+ d/libldap-2.4-2.symbols: add symbols for GSSAPI support
This should be dropped when the soname changes.
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
+ d/rules:
- add nssov to CONTRIB_MODULES
- add sysconfdir to CONTRIB_MAKEVARS
+ d/slapd.install: install nssov overlay
+ d/slapd.manpages: install slapo-nssov(5) man page
+ d/p/contrib-makefiles: given the change in 2.4.47+dfsg-3 regarding
Debian bug #919136, we also have to patch the nssov makefile
accordingly and thus update this patch.
- d/{rules,slapd.py}: Add apport hook.
- Add support for CLDAP (UDP) support, back then required by
likewise-open (first enabled in 2.4.17-1ubuntu2):
+ d/rules: Enable -DLDAP_CONNECTIONLESS
+ d/libldap-2.4-2.symbols: add symbols for CLDAP (UDP)
This should be dropped when the soname changes.
- debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because
of test timing issue.
- d/rules: better regexp to match the Maintainer tag in d/control,
needed in the Ubuntu case because of XSBC-Original-Maintainer
(Closes #960448, LP #1875697)
* d/apparmor-profile: use abstractions/ssl_keys instead of manual rules,
allows letsencrypt to work. Thanks to Paul McEnery (LP: #1909748)
-- Paride Legovini <paride.legov...@canonical.com> Mon, 04 Jan 2021
16:18:57 +0100
** Changed in: openldap (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1909748
Title:
Apparmor profile improvements for letsencrypt
Status in openldap package in Ubuntu:
Fix Released
Bug description:
I can see that the slapd apparmor profile goes 90% of the way to
working out of the box with letsencrypt/certbot, but fails to include
abstractions/ssl_keys. The attached patch should work support all the
methods in these abstractions, and should be the default with the
slapd package.
Please can you look at including this in future?
Many thanks,
Paul.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1909748/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
