> PAM should be using nss-pam-ldapd, not calling libldap directly. This
> is an architectural flaw in both GnuTLS and PAM, not an OpenLDAP bug.
> This ITS is invalid.
It's called _lib_ldap after all, so are other projects linking against /
dlopen()ing libldap doing the wrong thing?
Messing with other libraries global state and not undoing it on cleanup
isn't exactly what a well-behaved library should do. The gnutls
documentation explicitly mentions not to call gnutls_global_set_mutex
from libraries:
> Do not call this function from a library, or preferably from any
> application unless really needed to.