16 Jan
2018
16 Jan
'18
2:18 a.m.
PAM should be using nss-pam-ldapd, not calling libldap directly. This is an architectural flaw in both GnuTLS and PAM, not an OpenLDAP bug. This ITS is invalid.
It's called _lib_ldap after all, so are other projects linking against / dlopen()ing libldap doing the wrong thing?
Messing with other libraries global state and not undoing it on cleanup isn't exactly what a well-behaved library should do. The gnutls documentation explicitly mentions not to call gnutls_global_set_mutex from libraries:
Do not call this function from a library, or preferably from any application unless really needed to.