https://bugs.openldap.org/show_bug.cgi?id=9646
Issue ID: 9646 Summary: slapd-meta: deprecations in 2.4: “try-propagate is highly deprecated” Product: OpenLDAP Version: 2.5.4 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs@openldap.org Reporter: dpa-openldap@aegee.org Target Milestone: ---
The upgrade instructions from 2.4 at https://www.openldap.org/doc/admin25/appendix-upgrading.html says
B.4. ldap and meta backends
Several deprecated configuration directives for slapd-ldap(5) and slapd-meta(5) have been removed. Configurations using those directive must be updated to use supported directives prior to upgrade. See the slapd-ldap(5) and slapd-meta(5) man pages from OpenLDAP 2.4 for a list of deprecated directives.
The slapd-meta(5) for 2.4 says at https://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&... , when I search for “deprecated”:
tls {[try-]start|[try-]propagate}The try- prefix instructs the proxy to continue operations if the StartTLS operation failed; its use is highly deprecated.
...
DEPRECATED STATEMENTS The following statements have been deprecated and should no longer be used. pseudorootdn <substitute DN in case of rootdn bind> Use idassert-bind instead.
pseudorootpw <substitute password in case of rootdn bind> Use idassert-bind instead.
I object the wording “highly deprecated”. It should be “highly discouraged”. With the current wording it is not very clear, whether the try- variants disappeared in 2.5