[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP Binaries



> -----Original Message-----
> From: Fred Johnson [mailto:fred_johnson_42@yahoo.com]

> Sorry for the delay, Howard. I had to put this project
> on the shelf for a while, but I've had a chance to
> download both the Solaris and HP packages and run them
> through their paces.
>
> Here's the feedback you asked for:

Thanks for taking the time to write back, it's good to hear.

> I downloaded the Solaris 2.8 cds 1.1.1 and HP 11.i cds
> 1.1.2 packages and installed them on a few different
> machines. The packages installed cleanly and setup was
> straightforward. It was an unexpected pleasure to be
> able to use native OS tools (pkgadd & swinstall) to

Yes, why should the Linux/RPM users have all the fun... (We have Linux RPMs
as well, but it seems the major Linux distributors already cover this stuff
so we haven't put any emphasis here. I think the SuSE folks do a great job
already, but if you're looking for a Symas build on Linux, we can readily
oblige.)

> install them. I had a working directory server in
> about fifteen minutes! The examples in the OpenLDAP
> Quick Start Guide worked without a hitch.

Great! Given the number of people who write to this list saying "I'm
following the quick start guide and it doesn't work" it's nice to hear from
someone else who actually followed it successfully.

> I like how you seperated the packages by function so I
> could install just what I need on different systems. I
> also like that you included SASL and OpenSSL "out of
> the box".

> Including prngd was was a thoughtful touch- we don't
> have /dev/urandom on any of our machines, and prngd
> provides a good sorce of random data. It was also nice
> that you provided startup scripts for slapd and prngd.

We're going for an "all-in-one" approach here. Enough people on this list
seem to have trouble choosing the right configure options for SASL and TLS
that we tried to eliminate that issue. Also, our background is in security
design and administration, so we have a particular interest in seeing SASL
and TLS deployed correctly. I'm glad this helped you.

> The pam and nss modules (cns) rock! The ones we built
> kept dumping core and didn't work reliably,
> particularly on Solaris 8. Your modules worked after
> just a bit of fiddling with the config. /bin/passwd
> works too (yay!). I liked your getting started guide.
> Brief and to the point.

Thanks. People already get overwhelmed by the volume of material they need to
read and understand, so I try to keep to the bare essentials.

> Making things work with SSL was straightforward. Had
> some trouble with the OpenSSL application itself coz
> it's just plain hard to use, but a little time spent
> with google took care of that. I like that you put the
> OpenSSL libs in the base packages and put the openssl
> app in a seperate place. That lets me install the CA
> on a secured machine to protect it and its keys.

Yes, that's exactly how we intended things, I'm glad this also made sense to
you.

> SSL
> itself is still a pain to deploy, but that's not your
> fault.

These packages are essentially the same as you could build yourself from the
downloaded source. We put some effort into fixing the obvious bugs and
misfeatures but overall it's the same as you'll find anywhere else, just
built correctly. Symas also has a proprietary slapd module that automates
certificate generation and distribution. This module is part of the
Connexitor Enterprise Management Suite. It makes SSL deployment fairly
painless, but it is not freeware.

> I was hoping for a little more documentation overall.

One of our objectives for these offerings is to keep them identical or nearly
identical to the original source distributions. This way, if someone
encounters a problem while using one of our binaries, they can still get free
support from the existing Open Source community without the fact that they're
using "Symas Binaries" being a concern.

On the flip side, if you choose to purchase a support contract from us, we
can obviously provide any information or assistance you desire.

> I was surprised that you elected to place the files in
> /opt/symas and /var/symas instead of the "usual"
> places. On reflection it's a good thing, though. Keeps
> your stuff from colliding with previously installed
> versions.

Yes, it seems likely that someone may try our packages after failing to get
things working on their own. As such, we wanted to keep our paths well
isolated to prevent any possible ambiguities from mixing things up.

> Overall the Symas packages hang together and work
> well. You've obviously thought about how this stuff
> should go together and you've done a great job
> integrating it. I may have a few questions later on,
> but they relate to OpenLDAP itself. For now, thank you
> for your efforts and for letting me get to _using_
> OpenLDAP!

Thank you for taking the time to check it out and write back. It's great to
see some appreciation for the effort that's gone into it all.
>
> Fred Johnson       IT Specialist
> McMurdo International Specialties
>
> P.S. It's very likely that McMurdo will spring for a
> commercial license once we complete our planning. I
> hope your rates are reasonable?

We can discuss this off the mailing list. Certainly we don't charge anywhere
near what other commercial directory vendors charge. But that aside, I think
you'll find the most value in knowing that an expert will handle your support
calls and will deliver you a correct solution quickly, no matter where the
problem lies. I've crawled through just about every nook and cranny of each
of these software packages and there's no unfamiliar territory here.
>
> --- Howard Chu <hyc@highlandsun.com> wrote:
> > Are you psychic or something? :) We just finished
> > uploading a few minutes
> > ago. Go to http:/www.symas.com and follow the
> > "Downloads" link. We don't
> > solicit any registration information, but we would
> > appreciate any feedback
> > you have to offer.
> > As I mentioned before, packages are available for
> > Solaris 2.7, 2.8, and HP-UX
> > 11i.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director,
> > Highland Sun
> >   http://www.symas.com
> > http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support
> >
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On
> > Behalf Of Fred Johnson
> > > Sent: Tuesday, October 01, 2002 10:26 PM
> > > To: OpenLDAP-software@OpenLDAP.org
> > > Subject: OpenLDAP Binaries
> > >
> > >
> > > Hi Howard,
> > >
> > > I was wondering if the OpenLDAP binaries are ready
> > for
> > > download yet. We're eager to try them here.
> > >
> > > TIA
> > >
> > > Fred
> > >
> > > Fred Johnson       IT Specialist
> > > McMurdo International Specialties
> > >
> > > --- Fred Johnson <fred_johnson_42@yahoo.com>
> > wrote:
> > > > That's great news, Howard. This should make our
> > > > lives
> > > > easier, and I'm looking forward to checking out
> > the
> > > > packages. Is this a one-shot, or is it something
> > > > Symas
> > > > is going to continue?
> > > >
> > > > Would you please let me know when/where I can
> > > > download
> > > > them?
> > > >
> > > > BTW, I'm also interested in the Solaris pam_ldap
> > > > software.
> > > >
> > > > Thanks,
> > > >
> > > > Fred
> > > >
> > > > --- Howard Chu <hyc@highlandsun.com> wrote:
> > > > > We (Symas Corp.) have pre-built binaries for
> > > > Solaris
> > > > > 7 and 8, HPUX 11, and
> > > > > AIX 4.2.1. The newest stuff isn't on our web
> > site
> > > > > yet because we're still
> > > > > testing the integrated package. We provide
> > > > OpenLDAP
> > > > > 2.1.5, Cyrus SASL 2.1.7,
> > > > > Heimdal 0.4d, OpenSSL 0.9.6g, and BerkeleyDB
> > > > 4.1.24.
> > > > > We also have pam_ldap
> > > > > 152 and nss_ldap 201. Most of the packages are
> > off
> > > > > the shelf but we've also
> > > > > made some bugfixes to these packages to get
> > them
> > > > > playing together correctly.
> > > > > (If you follow the relevant mailing lists
> > you'll
> > > > > have seen the fixes we've
> > > > > submitted already.) I expect the full set of
> > > > > packages will be finished
> > > > > testing and freely available on our web site
> > > > > sometime next week. (Things are
> > > > > going well, but this is a lot of code to build
> > and
> > > > > we're a small company; it
> > > > > takes a while to verify that each piece is
> > > > working.)

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support