We should update OpenLDAP. Bookworm currently has 2.5.11 upstream has 2.6.1.
I had a look at the required changes and adjusted our patches to obtain a source package that could be built successfully. I've committed my temporary results here: r19562 | 2.5.11+dfsg-1-update-poc (Patches adjusted to upstream) There are more things to do. From the changelog: * "The ppolicy schema has been merged into the slapo-ppolicy(5) module." I.e. /etc/ldap/schema/ppolicy.schema is not installed any longer, so the slapd.conf needs to be adjusted to take that into consideration prior to the update, otherwise slapd fails start during package update (in particular during database dump+restore), leaving a dysfunctional system that needs manual intervention.
Looks like we can avoid dump+restore of the slapd-mdb backend: https://www.mail-archive.com/openldap-technical@openldap.org/msg26119.html
*** Bug 52306 has been marked as a duplicate of this bug. ***