dovecot updates kills NSS

[Edgar Fuß <ef%math.uni-bonn.de@localhost>]

I don't know whether this is my fault or an oversight in pkgsrc  
itself or atabases/nss_ldap.

Yesterday, on one of our mail servers, I updated dovecot from a  
binary package. The new version was built to depend on a newer  
version of openldap-client, so pkg_add -uu updated openldap-client,  
too. Unfortunately, the update removed some /usr/pkg/lib/ 
libldap-2.x.so which the version of nss_ldap running on the machine  
was still using. So from that point on, NSS would have no LDAP  
backend on the machine. Fortunately, I immediately noticed this since  
the installation of the new dovecot package said it locally created  
user and group "dovecot" which we have in LDAP. So I managed to stop  
postfix before large amounts of mail were bounced due to unknown  
local recipients.

To me as a non-expert, the problem appears to be that nss_ldap  
registers a dependency for openldap-client>=2.x.y, but in fact  
depends on exactly 2.x.y to be installed. Or is the problem caused by  
the nature of nss_ldap being a library used by programs outside pkgsrc?

Of course, the problem was easily solved by updating nss_ldap.