Re: poll/epoll patch for libldap?

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Thursday, August 28, 2008 8:04 AM -0600 Nicholas Dronen 
<ndronen@gmail.com> wrote:


> Unfortunately, we're more or less at the mercy of Red Hat when it comes
> to the versions of packages that are included in their distribution.  We
> use a commercial version, not Fedora, for support reasons.  In this
> particular case, the fact that we were exceeding the default limit of
> 1024 file descriptors for select(2) resulted in pam_authenticate blocking
> for up to four minutes, which is a huge problem in a production system,
> enough to justify including a rebuilt RPM.  Generally, JPam's use of
> libldap is pretty simple -- just enough to bind and authenticate a user
> -- so as long as that basic functionality works as desired, we should be
> okay with 2.3.27. :-)  If we're not, then we'll have to include our own
> RPM.

Basing the OpenLDAP *server* you run on based on the version of OpenLDAP in 
RedHat is an extremely flawed and broken approach, that will only open 
yourself to heartache.  Their RPM's are years out of date, and missing 
critical fixes.  You need to understand that the OpenLDAP included in their 
release is to provide the client API, not a stable OpenLDAP server.  For 
that, you need to use up to date versions of OpenLDAP.  Buchan Milne 
provides pre-built RPMs for RedHat, and Symas Corp provides prebuilt builds 
of OpenLDAP that support can be purchased for.  Either of those options are 
thousands of times more desirable than what RedHat ships.

Buchan's stuff: <http://staff.telkomsa.net/packages/>
Symas's stuff: <http://www.symas.com/>

FAQ entry you should read: 
<http://www.openldap.org/faq/data/cache/1456.html>

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration