Hi,
Someone submitted an update to OpenLDAP 2.5.
That someone was me. Here's a bit of background: I need the client side (libldap/ldapsearch) of OpenLDAP 2.5 to support SNI (Server Name Indication) over TLS 1.3, a configuration that is needed to access "Google Secure LDAP" with the OpenSSL version we have in Tumbleweed. I personally have no use for the server side (slapd) component at the moment, and hence no ability to test it with real-world configurations. Given the fair amount of changes in 2.5 as listed at https://www.openldap.org/software/release/announce.html it's rather likely changes to configuration files and other parts of the setup might be required. Unfortunately the OpenLDAP documentation isn't giving a detailed migration guide, so I guess migration will either work out of the box, or require a bit of fiddling with the config file. Here are two starting points: - https://www.openldap.org/doc/admin25/appendix-changes.html#Obsolete%20Featur... - https://www.openldap.org/doc/admin25/maintenance.html#Migration So here's the request: If you're currently running an OpenLDAP server on Tumbleweed, or have a more sophisticated LDAP-related setup, could you give the new OpenLDAP 2.5 packages a try? You can find them at https://build.opensuse.org/repositories/home:phiwag:branches:network:ldap Another thing to check for: OpenLDAP used to provide a thread-safe library "libldap_r". In OpenSUSE (and Fedora at least), we symlinked this library to "libldap" for a while. In OpenLDAP 2.5 the "libldap_r" library is gone and one should always use "libldap". To check if you can migrate easily, check for code that links against libldap_r/-lldap_r and replace it with "-lldap". That already works today and shouldn't make a difference, apart from being forward-compatible. If that turns out infeasible we can introduce a compat-symlink to libldap_r. I'm looking forward to your feedback! Best, Philipp