I downgraded the version of OpenLDAP on KE to cure a segfault problem in the PAM LDAP module.

The PAM LDAP module periodically caused a segfault in any program that uses it when it was paired with the 2.0.21 version of OpenLDAP. I grabbed the package from HEIWA and force-removed and downgraded it on KE, and the segfault problem seems to have gone away.

The known way to reproduce the problem was using sudo -v. This would always segfault with 2.0.21, and it never segfaults with 2.0.14.

Since we’re not using OpenLDAP on these servers for anything besides its library for the PAM module, I believe this is safe enough.