[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Resources/Documentation for Redhat 9 and LDAP Auth

Hi again.

On Wed, 2003-08-13 at 19:22, Terrence Martin wrote:
> Well the thing is I do not like tarballs, makes things messy. However I 
> am more than capable of making my own RPMS and SPEC files and had 
> already built my own from an admittedly older version of openldap.

I am completely at a loss for words in response to a statement that
alleges that someone who has built their own RPMs finds the prospect of
tarballs 'messy'. I have yet to see a messier more unnecessarily
convoluted method of building software than building your own rpm,
which, by the way, requires that you get a source distribution anyway,
which also means you'll probably deal with tarballs at some point. 

If you use the various and different '--prefix' and '--*-dir' flags to
'./configure', I fail to see what's messy about it. In fact, this is
largely how Redhat builds their rpms.

> I am downloading the rawhide src rpm of openldap. 2.1.22 which I 
> believe is the latest version. I will work from that. Any gotchas here?

None that I haven't already mentioned. Reread the prior email. All of
those things apply to ANY program distributed by ANY distribution.
Unless you get the src.rpm and confirm that the patches applied and the
settings the software was configured with are adequate, there could be
any number of issues. 

I just don't view a production deployment of something that may hold
sensitive data and be given rather enormous responsibility as something
that should be left to 'default' configurations and builds as supplied
by a company or entity who has no knowledge of your environment or what
your needs are. 

Unless this is for an addressbook application running on the local
desktop machine, I say lose the skirt and go get the tarball. 

> Terrence
> Brian K. Jones wrote:
> > Probably the best thing to be said about contemplating a production
> > OpenLDAP deployment using the RedHat-supplied packages is this:
> > 
> > DON'T.
> > 
> > The versions are outdated, and you haven't a clue as to whether or not
> > your implementation will do what you want, and if it does, you don't
> > know what extra niceties might be built in to sacrifice security or
> > stability. If you look at the source rpm's, and do some general reading
> > on openldap, you're likely to come to this conclusion yourself. 
> > 
> > Glad I could save you some time ;-)
> > brian.
> > 
> > On Wed, 2003-08-13 at 14:11, Terrence Martin wrote:
> > 
> >>Are there any resources out there for assisting in the deployment of 
> >>OpenLDAP using the Redhat based packages?
> >>
> >>I have found several howtos on LDAP in general and some integration, but 
> >>a lot of them spend time on compilation and less on the configuration 
> >>specifically.
> >>
> >>Terrence
> > 
> >