This is a list of blocking bugs that must be addressed before these changes are committed to the trunk:

* new_default_com_err_proc is not an acceptable name for a global symbol.
* Thread specific data is not how we want to handle database errors. I think we want to handle them in krb5_contexts. See if the API supports this and either change it or explicitly decide thread specific data is OK.
* --with-ldap needs to be carefully considered; is OPENLDAP upper case really correct? Consider GCS and other options we already use.
* kdc, kadmin/server, kadmin/ldap_util, lib/kadm5/clnt/ want err_handle.h from lib/kdb. This seems wrong and should probably be fixed either by installing that header in buildtop/include or something.
* libkadm5clnt pulls in a shared object from kdb5.
* Separation between ldap_util and the ldap plugin needs to be considered. Perhaps ldap_util should be built in the plugin if that doesn't mess things up too much.
* I've told the kadmin client to link against -lkdb5 as a hack. That's clearly wrong but is because of brokenness in kadm5/clnt.
* The ldap plugin also serves as a library for its administrative interface. Determine if this is OK; I expect it to create load problems as the plugin directory should not be on the search path.