Hi Howard, Thanks for the pointer. --enable-lmpasswd was indeed enabled in the FreeBSD port. Notifying maintainer of port to switch it off and provided a patch for the port. Hope the patch I created for OpenLDAP is usable after all! Deprecated code in a function that should not be used, would it not be better to remove it completely? (or is that violating the RFCs?)

Kind regards, Bernard. On Wed, Nov 5, 2014 at 5:48 PM, Howard Chu <hyc(a)symas.com&gt; wrote: > spil.oss(a)gmail.com wrote: >> >> Full_Name: Bernard Spil >> Version: 2.4.40 >> OS: FreeBSD 10.1-RC2 >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (185.9.255.20) >> >> >> When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation >> fails >> because deprecated types and functions are used. These types and functions >> have >> been marked deprecated by OpenSSL since 2002 and moved from des.h to >> des_old.h. >> LibreSSL removed these deprecated types and functions in April 2014 see >> >> https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1... >> >>> From the make output: > > > It appears you're compiling with the old LANMAN hash support. Nobody should > be using LANMAN any more, it's trivially insecure. I'm inclined to ignore > this ITS.