Hi,

On 12.07.2015 09:28, Petter Reinholdtsen wrote:
> Btw, do you have time to test the patch in #698649? We are unsure what
> to do about it.

I have looked into that bug report and the patch, but am a bit confused as to what it has to do with the current ldap2bind in Debian.

As I understand it, the linked code on GitHub implements an sdb LDAP backend for bind, while the ldap2bind/ldap2zone pair of tools creates BIND configuration and zone files outside of BIND. The approaches are entirely different; however, there seems to be shared code between the two, the reason for which I do not yet understand (does that bind9-ldap thing do some sort of just-in-time dump from LDAP to zone files, or something?).

The author of the patch did not see this difference, as it appears, or the patch is incomplete. The patch updates ldap2zone, the C program that gets a single zone from LDAP and dumps it to a BIND9 zone file. However, in the accompanying bug mail, the author talks about passing a password to the ldapsearch command - which obviously is not in the ldap2zone program, but would rather be found in the ldap2bind wrapper script. This script, however, is not patched and so the patch has nothing to do with the described intention.

In any case, I do not think the two should be mixed. bind9-ldap could certainly go into Debian, but not as a patch or replacement for ldap2zone.

I am currently doing a full rewrite of ldap2bind and ldap2zone, which will work as a drop-in replacement, and cover the things the author desired.

Cheers,
Nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296

Teckids e.V. · FrOSCon e.V. · OpenRheinRuhr e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Debian Contributor
LPIC-3 Linux Enterprise Professional (Security)