LDAP keyserver patch

gnupg-devel at thewrittenword.com gnupg-devel at thewrittenword.com
Wed Sep 12 08:44:01 CEST 2001

On Mon, Sep 10, 2001 at 07:58:18AM +0200, Florian Weimer wrote:
> David Shaw <dshaw at jabberwocky.com> writes:
> > Included in the patch is a helper application for LDAP and another one
> > for email keyservers.  You need OpenLDAP installed to enable LDAP
> > support.
> Note that the OpenLDAP license is in a constant flux.  The most recent
> version (2.7) seems to be GPL-compatible (so that you can distribute
> binaries), but some of the previous ones were definitely not.
> I don't know if the current GPL compatibility is a mere accident, or
> if it is by design.

It is by design. We were going to bring up the issue and emailed
licensing at gnu.org but were told not to as RMS was going to handle
this. I emailed licensing at gnu.org to confirm the 2.7 license as being
GPL compatible and received a response that RMS has agreed that it is.

You will need to find a version of OpenLDAP with this license to be
able to use it though (I have not looked at the license on the latest
1.2 and 2.0 versions). Note though that I think this applies mainly to
commercial unixen that do not have OpenLDAP as part of the base OS
(same exception clause that allows GPL software on Solaris to link
against Solaris libc).

Note that OpenLDAP 2.0.x can use SASL which uses OpenSSL. The OpenSSL
license is *incompatible* with the GPL. So, I believe (IANAL)
that OpenLDAP + Cyrus SASL would be imcompatible with the GPL (hence
incompatible with GnuPG). Ugh! To overcome this, some GPL programs
like fetchmail add the following to the GPL license:
  Specific permission is granted for this code to be linked to OpenSSL
  (this is necessary becuse the OpenSSL license is not GPL-compatible).

albert chin (china at thewrittenword.com)

More information about the Gnupg-devel mailing list