Re: poll/epoll patch for libldap?

--On Thursday, August 28, 2008 8:04 AM -0600 Nicholas Dronen <ndronen@gmail.com> wrote:

Unfortunately, we're more or less at the mercy of Red Hat when it comes
to the versions of packages that are included in their distribution.  We
use a commercial version, not Fedora, for support reasons.  In this
particular case, the fact that we were exceeding the default limit of
1024 file descriptors for select(2) resulted in pam_authenticate blocking
for up to four minutes, which is a huge problem in a production system,
enough to justify including a rebuilt RPM.  Generally, JPam's use of
libldap is pretty simple -- just enough to bind and authenticate a user
-- so as long as that basic functionality works as desired, we should be
okay with 2.3.27. :-)  If we're not, then we'll have to include our own

Basing the OpenLDAP *server* you run on the version of OpenLDAP in RedHat is an extremely flawed and broken approach that will only open you up to heartache. Their RPMs are years out of date and missing critical fixes. You need to understand that the OpenLDAP included in their release is to provide the client API, not a stable OpenLDAP server. For that, you need to use up-to-date versions of OpenLDAP. Buchan Milne provides pre-built RPMs for RedHat, and Symas Corp provides prebuilt builds of OpenLDAP that support can be purchased for. Either of those options is thousands of times more desirable than what RedHat ships.

Buchan's stuff: <http://staff.telkomsa.net/packages/>
Symas's stuff: <http://www.symas.com/>

FAQ entry you should read: <http://www.openldap.org/faq/data/cache/1456.html>



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration