Re: OpenLDAP - versioning/stability questions

["Richard L. Goerwitz III" <richard@goerwitz.com>]

Quanah Gibson-Mount wrote:

> I see the versions of OpenLDAP shipped with a particular linux 
> distribution as the local client libraries, and they should not be 
> confused with what to use for running a directory service.

Extremely sharp people like you (Quanah) who are coming from
institutions Stanford's size, or greater, serve as great data
points, and I understand what you say:  To do things 'right'
with an enterprise directory in an institution of your type
and size requires a certain level of care and feeding.  I did
a six-year stint at Brown University, so I understand somewhat
where you're coming from.

In smaller environments like my current one at Carleton College
(just 1800 students), we typically (in order to keep from
being overwhelmed with lifecycle maintenance issues) like to try
to rely on vendors (RedHat, others) to supply us with patches
and proper updates to as much software as possible.

We try to reduce the number of packages that we feed by hand
because our size limits our breadth and capacity.

That's not to say we don't do any hand compilation or anything
of that sort.  In fact, we sometimes hand patch software to fit
our environment, although this almost always goes badly (there
is usually just one person who understands the patches, and he
or she may leave, move on to other duties, or simply not have
the time to integrate them into new versions of products).  So
if we can get away without hand compiling/patching - i.e., if we
can find a way to deploy software so that dumber and/or busier
and/or more thinly stretched people can still manage it - we do
it.

So anyway, with regard to my original query (regarding OpenLDAP
and RedHat), my goal was to determine whether RedHat's OpenLDAP
build is solid or worth using.  Is it enterprise worthy, as you
might expect from the designation 'RedHat Enterprise Linux'?
Or are they just putting OpenLDAP out there without giving it
much effort?

I'm also interested in determining whether (aside from basic
security and reliability patches) there is any particular
version of OpenLDAP expected to last, as a solid, supported
version of the product, for eighteen to twenty four months -
a typical lifecycle for a thing like a database (e.g., Oracle
8i, 9i, etc.) an OS (e.g., RHEL 3.0) etc. at an institution
of my size, with a staff like ours.  By solid/supported I am
not implying that no changes or patches would be needed.  The
issues for us are persistence of a given product revision
(e.g., 2.2 series), feature freezes, and ease of upgrades.

With Apache, e.g., we rarely have any trouble at all upgrading.
The issues are practically nil.  Ditto, e.g., for MySQL.  And
in the case of Apache, we try (as far as possible) just to use
RPMs given us by RedHat (a few servers require custom builds,
but we try to keep that down).

For MySQL we just use RPMs provided by MySQL.  Junior sysadmins
can maintain MySQL quite nicely and use very little time doing
it.

But back to OpenLDAP and RedHat, though:

My sense is that this group sees the RedHat build (2.2.13,
released 8 months ago) as obsolete and RedHat's use of it
questionable.

Is this correct?

--

Richard L. Goerwitz III		   Email: Richard.Goerwitz@Carleton.edu
Phone: +1 507 646 5526				   Fax: +1 507 646 4537
PGP key fingerprint: 4471 B6D3 57CC B2DC A0CF  82D3 0B7D EA19 F425 B0E0