enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #10376
[Bug 2063161] Re: PHP LDAP extension is missing a dependency
noble:
php8.3-ldap depends on libldap2;
libldap2 RECOMMENDS libldap-common;
focal:
php7.4-ldap depends on libldap-2.4-2;
libldap-2.4-2 DEPENDS on libldap-common;
in both cases, libldap-common only ships the /etc/ldap/ldap.conf
configuration file, which sets TLS_CACERT.
The openldap chagelog has the following entry:
openldap (2.4.25-1) unstable; urgency=low
...
* Add debian specific patch for ldap.conf. Add TLS_CACERT option and set it
by default to /etc/ssl/certs/ca-certificates.crt (Closes: #555409, #616703)
...
-- Matthijs Möhlmann <matthijs@xxxxxxxxxxxx> Mon, 11 Apr 2011 22:10:14 +0200
Which explains why we have the TLS_CACERT entry in the configuration file and why things work out of the box for php-ldap. The following bugs should give full context on the matter:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555409
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616703
Then, there is the following entry in the openldap package changelog;
openldap (2.4.51+dfsg-1) unstable; urgency=medium
...
* Relax libldap's dependency on libldap-common to Recommends.
This is intended to mitigate the impact of bug #915948 in the case where
the arch:all build is delayed for so long that the old libldap-common
disappears. Previously, a delayed arch:all build could become
BD-Uninstallable if new amd64 binaries were published before the arch:all
build starts, due to the transitive build-dependency on libldap.
Although libldap works fine without libldap-common, in normal
installations it is still recommended to install libldap-common.
...
-- Ryan Tandy <ryan@xxxxxxxxx> Sun, 23 Aug 2020 11:09:57 -0700
Which was implemented to fix http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=915948.
The consequence here is that when the package is installed with --no-
install-recommends, TLS_CACERT is not set and you see the described
error (which is known to be a not ideal error message as described in
the debian bug linked above (#555409).
Still, in https://www.debian.org/doc/debian-policy/ch-
relationships.html, the Debian policy states that:
"Recommends declares a strong, but not absolute, dependency. The
Recommends field should list packages that would be found together with
this one in all but unusual installations."
Which is reasonable given the statement in the changelog bit mentioned
above ("libldap works fine without libldap-common").
However, this is a workaround for a bug in dak. Since we use launchpad,
we could verify if we also suffer of similar issues and then, in case
launchpad is not affected, consider reverting this change in a Ubuntu.
Once could also argue considering fixing this in php-ldap by also
depending on libldap-common. IMHO, that would be overstretching AND
undoing the openldap patch indirectly and would need to be done in other
packages as well for consistency. i.e., this is a bad option.
** Bug watch added: Debian Bug tracker #555409
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555409
** Bug watch added: Debian Bug tracker #616703
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616703
** Bug watch added: Debian Bug tracker #915948
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915948
** Also affects: openldap (Ubuntu)
Importance: Undecided
Status: New
** Changed in: openldap (Ubuntu)
Status: New => Triaged
** Changed in: php-defaults (Ubuntu)
Status: New => Opinion
** Tags added: server-todo
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2063161
Title:
PHP LDAP extension is missing a dependency
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2063161/+subscriptions